Information security in healthcare is essential, since sensitive patient data are regularly exchanged. Negligence may have major consequences for the safety of patients and the security of their medical records. How do you show that you handle this data carefully and confidentially? NEN 7510 certification is reassuring. You demonstrate that you handle this privacy-sensitive data correctly. You show your patients/clients, suppliers, health insurers and other stakeholders that you have taken the right measures.

NEN 7510 standard

The purpose of information security in healthcare is to maintain the confidentiality, availability and integrity of information. The basis of NEN 7510 is the implementation of a management system in which the implementation and management of controls are laid down. This standard focuses on people rather than just technology. You show how your employees handle privacy-sensitive information. And your organization guarantees the development and continuity with regard to data processing.

NEN 7510 certification

A NEN 7510 certificate is proof that you handle data from patients or clients in a secure and responsible way. Proof for patients, clients, but also for health insurance companies, the Healthcare Inspectorate (IGZ), MedMij and regulators. You set up the system according to the NEN 7510 standard and then have its operation assessed and certified by an independent party.

NEN 7510:2017 revised healthcare standard

From 1 June 2018 to 1 June 2020, a transition period applies, in which certification is possible against both NEN 7510:2011 and NEN 7510:2017. On 1 June 2020, every certificate holder must have switched to NEN 7510:2017.

Is NEN 7510 certification important for your organization?

NEN 7510 certification applies to all types of healthcare providers and their suppliers such as: nursing homes, hospitals, physical therapists, mental healthcare institutions, software suppliers and various other service providers who work with or have access to patient data.

Brand Compliance has a licence agreement with NEN for NEN 7510:2017 certification.

MedMij

More and more people want insight into their health. At present care data are stored in various places, such as the hospital, the general practitioner, the pharmacy, etc. Until now, it has not been possible to view all this data in one place.

MedMij aims to ensure that anyone who so wishes has access to their health data in one personal health environment, or PHE, such as apps and websites. Highly sensitive information is processed within these PHEs. This is why it is so important to keep this information well protected.

MedMij framework

For this reason, the MedMij framework has been developed. This framework helps to ensure that personal, sensitive and confidential health data can be exchanged in a secure and user-friendly manner. One of the requirements is that all participants who (plan to) develop a PHE must be in possession of NEN 7510 certification including the additional audit statement and report.

Is your organization developing a PHE? And do you want to comply with the MedMij framework? Brand Compliance has a licence agreement with NEN and will conduct the audit to obtain certification against NEN 7510 including the additional audit statement and report. As every organization is different, we are ready to talk to you personally to identify which steps are still needed.

FAQ

For whom is NEN 7510 certification important?

A NEN 7510 certification applies to all types of healthcare providers and their suppliers such as: nursing homes, hospitals, physiotherapists, mental health institutions, software suppliers and various other service providers who work with or have access to patient data.

When is NEN 7510 required?

Often, NEN 7510 certification is not mandatory, but an organisation gets certified to prove itself to its stakeholders and to distinguish itself in the market. But there is also a possibility that one of an organisation's stakeholders does make NEN 7510 certification mandatory. For instance, a health insurer may make it mandatory for its member healthcare organisations or one of its suppliers may make it a requirement. An example of this is MedMij.

What is the difference between ISO 27001 and NEN 7510?

The basis of both standards is the same. NEN 7510 is specific to organisations that process personal health information. This standard has named 3 additional controls and care-specific controls for 33 existing control measures.
