Information security in healthcare is essential, since sensitive patient data are exchanged regularly. Negligence may have major consequences for the safety of patients and the security of their medical records. How do you show that you handle this data carefully and confidentially? NEN 7510 certification provides that reassurance. You demonstrate that you handle this privacy-sensitive data correctly, and you show your patients/clients, suppliers, health insurers and other stakeholders that you have taken the right measures.

NEN 7510 standard

The purpose of information security in healthcare is to maintain the confidentiality, availability and integrity of information. The basis of NEN 7510 is the implementation of a management system in which the implementation and management of controls are laid down. This standard focuses on people rather than just technology: you show how your employees handle privacy-sensitive information, and your organization safeguards the development and continuity of its data processing.

NEN 7510 certification

A NEN 7510 certificate is proof that you handle data from patients or clients in a secure and responsible way: proof for patients and clients, but also for health insurance companies, the Healthcare Inspectorate (IGZ), MedMij and regulators. You set up the system according to the NEN 7510 standard and then have its operation assessed and certified by an independent party.

NEN 7510:2017 revised healthcare standard

From 1 June 2018 to 1 June 2020, a transition period applies, in which certification is possible against both NEN 7510:2011 and NEN 7510:2017. On 1 June 2020, every certificate holder must have switched to NEN 7510:2017.

Is NEN 7510 certification important for your organization?

NEN 7510 certification applies to all types of healthcare providers and their suppliers such as: nursing homes, hospitals, physical therapists, mental healthcare institutions, software suppliers and various other service providers who work with or have access to patient data.

Brand Compliance has a licence agreement with NEN for NEN 7510:2017 certification.
More and more people want insight into their health. At present, care data are stored in various places, such as the hospital, the general practitioner, the pharmacy, etc. Until now, it has not been possible to view all this data in one place.

MedMij aims to ensure that anyone who so wishes has access to their health data in one personal health environment, or PHE, such as apps and websites. Highly sensitive information is processed within these PHEs. This is why it is so important to keep this information well protected.

MedMij framework

For this reason, the MedMij framework has been developed. This framework helps to ensure that personal, sensitive and confidential health data can be exchanged in a secure and user-friendly manner. One of the requirements is that all participants who (plan to) develop a PHE must be in possession of NEN 7510 certification including the additional audit statement and report.

Is your organization developing a PHE? And do you want to comply with the MedMij framework? Brand Compliance has a licence agreement with NEN and will conduct the audit to obtain certification against NEN 7510 including the additional audit statement and report. As every organization is different, we are ready to talk to you personally to identify which steps are still needed.

When is NEN 7510 mandatory?

Often, NEN 7510 certification is not mandatory, but an organization has itself certified to prove itself to its stakeholders and to distinguish itself in the market. It is also possible, however, that one of an organization's stakeholders does make NEN 7510 certification mandatory. For instance, a health insurer may require it of the healthcare organizations affiliated with it, or one of the suppliers may set it as a requirement. An example of this is MedMij.

What is the difference between ISO 27001 and NEN 7510?

The basis of both standards is the same. NEN 7510 is specific to organizations that process personal health information. This standard has 3 additional controls and, for 33 existing controls, defines a healthcare-specific control.
