Huisartsenspoedpost Tiel

Life threatening situation? Always call 112
Life threatening situation? Always call 112
Home » Privacy and medical records

Privacy and medical records

1. General

In order to provide good medical care, we record your contact details and medical data. We do this in line with the Medical Treatment Agreement Act (Wgbo) and the General Data Protection Regulation (GDPR). This means that we only use your data for the provision of medical care and the resulting administration and that we protect your data against infringement by third parties.

2. Consent to data exchange

Good, safe and fast care starts with the right information. About your health at that time, any other conditions and about your medication use. It is important that your healthcare provider has the right information to be able to provide good and safe care. Information about your health is made available to your healthcare provider via the National Chess Point (LSP). But only if necessary. And only if you have given permission for this. With your permission, your healthcare provider has access to certain parts of your file, such as any conditions, allergies and medication use. It is important that you arrange this yourself in advance.
Go to ‘Personal Environment’ on www.volgjezorg.nl to arrange permission for the exchange of medical data. You can also follow what happens to your medical data here. What types of data have been shared with your consent? Which healthcare provider(s) have they been looked at? And when? This way you always know what happens to your medical data.

3. Identification requirement

When you call the out-of-hours GP service, we will ask you for your BSN number so that we can identify you. If you visit the GP post, you must bring your identification document (passport, driver’s license or identification card) and the insurance details (card). Identification is necessary for correct registration in patient files and other records, and to prevent abuse. We only process the personal data that is necessary for the purposes described above.

4. Exchange of data

We only provide your personal data to third parties if there is a valid basis for doing so. We provide your personal data to, among others, health insurers, internal and external healthcare providers and chain partners. Sometimes we have to share data because of a legal requirement, for example we have to report infectious diseases to the GGD.

Cooperation agreement with healthcare partners in the region: in order to continue to meet the demand for acute care in the future, we work closely with fellow healthcare providers from the ambulance station and GP posts in our region. This partnership makes it possible to help each other in the event of increasing telephone waiting times by taking over patients from each other and speaking to them by telephone. This requires access to the electronic patient file.

5. Who has access to your data

General practitioners, triage nurses and employees of the out-of-hours GP service who are involved in the direct provision of care may view your data. They use a special card (UZI card) and login code for this. They only have access to the data that is necessary for the performance of their task and this is also registered. Doctors have professional secrecy, triage nurses and employees have a duty of confidentiality.

6a. Sound recordings and CCTV

In order to monitor the quality of our services and to improve them if necessary, we record telephone conversations. Video cameras are available in the waiting areas of the GP post to ensure the safety of patients, visitors and staff. These images are also used to monitor the health status of patients who are not directly visible. The images are played live and then immediately destroyed. There is no storage of camera images.

6b. Sound recordings, photos and film recordings by the patient

You may record the conversation with your healthcare provider in the consulting room (sound recording). This way you can still listen to the information at home. A recording of the conversation can help you to make a treatment choice, for example. Important to know:

  • Ask your doctor for permission in advance before admission. This is not mandatory but neat;
  • The recording is only intended for yourself. You may not share the recording publicly without the consent of the healthcare provider;
  • Taking photos or a video in which other people* are also in the picture is not allowed. This is in connection with everyone’s right to privacy.

*Think, for example, of those waiting in the waiting room, our employee(s) and your attending physician.

7. Retention periods

We keep your medical file in accordance with the legal obligation: a maximum of 20 years. For audio tapes, we use a maximum period of 13 months. We store your medical data longer than this period if this is required by law, if this is necessary for proper care (e.g. in the case of a chronic condition) or if the data is of great importance to someone else (e.g. in the case of hereditary diseases).

8. Processing of special categories of personal data

We only process data about your health, hereditary data (genetic data) or sexual behaviour or sexual orientation to the extent necessary for the proper treatment or care of you as a patient. Data about your religious or philosophical beliefs will not be processed, except at your own request in the context of your treatment or within our GP post.

9. Security of your personal data

We take appropriate technical and organisational measures to protect your personal data against loss, unauthorised access or unlawful processing. We ensure appropriate security in line with the applicable legal requirements and guidelines. In this context, various measures have been taken, including encryption of data and communication, access control and treatment of your personal data as confidential. We use the NEN 7510 standard for information security.

Access to your personal data is limited to employees and affiliated GPs of the out-of-hours GP service, who are involved in your care provision or who are entitled to do so for another reason. Employees and affiliated GPs who have access to your personal data have a duty of confidentiality. We require the same technical and organizational measures from organizations that process your personal data on our behalf and have laid this down in processing agreements.

10. Right of access

You have the right to inspect your medical file. If it turns out that data about you is incorrect, you have the right to have it corrected or deleted by us. It may not be possible to (fully) comply with a request (for example, if your access leads to an infringement of the privacy of others). You have the right to a copy of the data from your patient file. However, we do not provide any data from your file that has been collected or drawn up by an external practitioner (not working at the Emergency Post General Practitioners Gelders Rivierenland).

You have the right to request that we forward your data to another doctor, a medical institution or health insurer. You can also authorise someone to inspect your file on your behalf or to request a copy on your behalf.

How do you request a copy of the patient file?
If you would like to have a copy of your file, please fill inThis formr and send it to info@gezondrivierenland.nl

Right to be forgotten

You have the right to have your data deleted. However, it is possible that not all your data may be deleted. For example, the right to have your data erased does not apply if we process it for a matter of public interest in the field of public health or if your data is necessary for a legal claim.

Withdrawal of consent

If we process your personal data on the basis of your consent, you have the right to withdraw your consent at any time. We will then immediately cease processing. The withdrawal of permission does not have retroactive effect.

11. Controller

The management of the Gelders Rivierenland GP Post is responsible for the processing of your personal data in accordance with the applicable laws and regulations.

12. Data Protection Officer

The out-of-hours GP service has appointed a Data Protection Officer (DPO). The DPO supervises compliance with privacy legislation and advises the management on the application of privacy legislation. The DPO is your contact person for any questions about privacy, both for you as a data subject and for the Dutch Data Protection Authority. You can reach the DPO by e-mail via fg@gezondrivierenland.nl

13. Complaints procedure

If you have any questions or a complaint about the way in which we handle your data, you can do so in writing via: klachtenfunctionaris@gezondrivierenland.nl

14. Privacy statement addendum

The self-triage service “Do I have to go to the doctor”

When using the self-triage service “Do I need to go to the doctor?” (hereinafter: App), you enter certain personal data via our website and leave certain personal data. Because it concerns privacy-sensitive data, we think it is important that we handle it with care.

When using the App, you fill in personal data about yourself or about someone else for whom you use the App and a conclusion is given. The personal data that we process from you through this service are:

  • gender
  • Date of birth
  • outcome of each completed triage (urgency)

Not in all cases is the data you enter personal data. An example of this is the fact that the App creates a UID (Unique Identifier for the device used). Nevertheless, we want to inform you clearly about what we do with your data. The information entered is primarily necessary to be able to answer the question ‘do I need to go to the doctor?’. Your gender and date of birth will be processed anonymously by the back-end of the App for the purpose of analyzing the use of the App. This can then ensure that the App works even better in the future and we can generate anonymous statistics. Your IP address is processed anonymously by the web server into a session number, so your personal data cannot be traced.

Scientific research

“Do I have to go to the doctor?” conducts scientific research in collaboration with the Gorinchem GP post. This means that “Do I have to go to the doctor?”, in collaboration with GP post Gorinchem and other GP posts in the Netherlands, monitors and improves the effect of self-triage, the security and performance of the App. The data used for this purpose from the out-of-hours GP service cannot be traced back to an individual person, namely: patient ID, timestamp of the start of telephone triage, age in years, gender, NTS entry complaint, urgency, triage duration and the call result. A link will be made on the basis of this telephone triage data and on the basis of the self-triage data. Based on the self-triage advice and the call result of the telephone triage, researchers can determine the effect, safety and performance of the App for the out-of-hours GP service.

15. We query the Registration by Name (ION) database

If you report to the medical station with an acute care question, we will note which GP practice you are registered with and send your GP a message about the treatment at the medical station. This way your own GP can continue with this. We want to inform the right GP practice about your treatment. That is why we check this in the Registration By Name database, which is managed by the Foundation for Registration by Name. In this plan, GP practices themselves determine who is registered with them. See www.inschrijvingopnaam.nl. This database does not contain any medical data about you. It only says that you are registered with your GP practice. If you have any questions about this, please contact the ION Foundation: www.inschrijvingopnaam.nl/contactformulier