Responsible use of data is a precondition for good care

Careful and technical exchange of medical data

The careful and technical exchange of medical data is becoming increasingly important, but healthcare organizations often lack knowledge and experience in this area.

Privacy Compliance

Logically, the healthcare sector is under a magnifying glass when it comes to compliance with privacy rules. This became clear last month with the fine imposed on the OLVG by the Dutch Data Protection Authority (AP). The Amsterdam hospital had to pay EUR 440,000 for insufficient protection of patient data in the period 2018 to 2020. Earlier in 2019, a fine of EUR 460,000 was imposed on the Haga Hospital in The Hague because the internal security of patient files was not in order. And then there is the example of the Brava hospital, where a patient sued the hospital for a data breach.

Knowledge and experience

In practice, we notice that care organizations do not lack willpower (medical professional secrecy is part of the healthcare provider's DNA and as old as the Hippocratic Oath) but rather knowledge and experience of how the legal framework should take shape in the workplace.

Healthcare and privacy laws

The rights of patients in relation to (the protection of) their medical data are laid down in a complex set of healthcare and privacy laws, including medical confidentiality in the Medical Treatment Agreement Act (WGBO). In addition, relevant guidelines have been established and special legislation applies to data use in the context of medical research. These laws are not new, but the General Data Protection Regulation (GDPR) imposes additional obligations on healthcare providers that must be shaped in the context of the aforementioned specific healthcare laws.

Legal-technical complexity

The technical side of security also causes considerable headaches, partly because healthcare organizations depend on various IT suppliers for GDPR compliance, for example for the ability to log or delete data in systems.

The ICT supplier is not always able to deliver a GDPR-compliant care system. Moreover, when setting up a care system, a care provider must weigh the security of personal data on the one hand against the risks that technically shielding or removing certain data may pose to the quality, continuity and safety of care provision on the other.

The challenge for the field lies in this legal-technical complexity. Care organizations collect large amounts of medical data for the purposes of care and research, and in doing so run up against the limits of implementing the legal framework conclusively in practice.

Meanwhile, in a society in which digital forms of care, reinforced by the outbreak of the Covid-19 virus, are increasingly becoming the norm, the careful and technical exchange of medical data is becoming increasingly important. How can we ensure a sustainable data and privacy policy in healthcare organizations where both care and the patient are central?


First of all, much more is already possible within the existing legal frameworks than people think. Clarity about (in)correct use of medical data is essential here. The various legal frameworks must be made transparent and must be properly coordinated. The solution lies in an effective data policy that enables healthcare workers to manage data in a faster and more secure way. This policy must be organizationally embedded in and in line with the strategy of the healthcare organization.

The supporting technology is also an important precondition for (further development of) the (legal) possibilities for data use in healthcare. Attention to privacy by design and data security is essential in this regard. ICT suppliers play an important role in ensuring that the supporting technology is actually made available.


In addition to the current possibilities, solutions in the field of data sharing are also actively being considered, both in a technical and a legal sense, in the interest of the transformation of healthcare. More and more technological applications are becoming available for sharing data safely and easily.

From a legal perspective, for example, an (extended) system for data use in the context of medical research based on solidarity is being considered. This system is based on an 'opt-out' (read: no objection) option instead of the patient's prior consent for the use of his health data for medical scientific research in the interest of public health ('data solidarity'). Another example concerns the development of the personal health environment (PBL) to give patients (more) control over their medical data.

Effective data policy

As far as we are concerned, the first step for healthcare organizations is to properly investigate what is possible within the current legal framework and current technological solutions, for example in the field of logging or authentication. By applying an effective data policy and supporting technology, healthcare organizations can subsequently ensure careful handling of data. Finally, proper use of data in healthcare is a very important precondition for the provision of responsible (digital) healthcare. There can be no discussion about that.
