{"id":20230,"date":"2024-02-21T18:05:16","date_gmt":"2024-02-21T17:05:16","guid":{"rendered":"https:\/\/brandcompliance.com\/?post_type=docs&#038;p=20230"},"modified":"2024-02-21T18:08:23","modified_gmt":"2024-02-21T17:08:23","password":"","slug":"healthcare-institution","status":"publish","type":"docs","link":"https:\/\/brandcompliance.com\/en\/docs\/healthcare-institution\/","title":{"rendered":"NEN 7510 without healthcare institution?"},"content":{"rendered":"<p>The <a href=\"https:\/\/www.nen.nl\/en\/nen-7510-1-2017-a1-2020-nl-267179\" rel=\"noopener\">standard NEN 7510<\/a> focuses on the following target groups:<\/p>\n<ul>\n<li>healthcare institutions;<\/li>\n<li>other administrators of personal health information.<\/li>\n<\/ul>\n<p>In this article, we highlight a situation concerning the certification of the latter target group, referred to as &#8216;administrator&#8217;. This target group has healthcare institution(s) as its client, referred to as &#8216;healthcare client&#8217;.<\/p>\n<h2>Healthcare institution<\/h2>\n<p><img decoding=\"async\" class=\"size-medium wp-image-20243 alignright\" src=\"http:\/\/brandcompliance.com\/wp-content\/uploads\/2024\/02\/blurred-abstract-background-interior-view-looking-out-toward-empty-office-lobby-entrance-doors-glass-curtain-wall-with-frame-_web-300x200.jpg\" alt=\"healthcare institution\" width=\"300\" height=\"200\" srcset=\"https:\/\/brandcompliance.com\/wp-content\/uploads\/2024\/02\/blurred-abstract-background-interior-view-looking-out-toward-empty-office-lobby-entrance-doors-glass-curtain-wall-with-frame-_web-300x200.jpg 300w, https:\/\/brandcompliance.com\/wp-content\/uploads\/2024\/02\/blurred-abstract-background-interior-view-looking-out-toward-empty-office-lobby-entrance-doors-glass-curtain-wall-with-frame-_web-768x513.jpg 768w, https:\/\/brandcompliance.com\/wp-content\/uploads\/2024\/02\/blurred-abstract-background-interior-view-looking-out-toward-empty-office-lobby-entrance-doors-glass-curtain-wall-with-frame-_web-600x401.jpg 600w, https:\/\/brandcompliance.com\/wp-content\/uploads\/2024\/02\/blurred-abstract-background-interior-view-looking-out-toward-empty-office-lobby-entrance-doors-glass-curtain-wall-with-frame-_web.jpg 800w\" sizes=\"(max-width: 300px) 100vw, 300px\" \/>Whereas it is obvious for healthcare institutions to process personal health information, this is not always the case for administrators. The situation may arise where an administrator is asked by a healthcare client to comply with NEN 7510, while the administrator has no other healthcare clients (yet).<\/p>\n<h2>Administrator<\/h2>\n<p>An administrator is eligible for a NEN 7510 certification if it can demonstrate that:<\/p>\n<ul>\n<li>Personal health information is processed;<\/li>\n<li>The Statement of Applicability contains healthcare-specific controls relevant to the processing of the personal health information, and which result from the information security risk assessment.<\/li>\n<\/ul>\n<p>If your organization does not yet have a healthcare client, it is not yet processing personal health information. For this reason, your organization is not eligible for a NEN 7510 certificate.<\/p>\n<h2>Solution<\/h2>\n<p>There is a solution for the above situation. <span class=\"jCAhz ChMk0b\"><span class=\"ryNqvb\">Your organization first chooses ISO 27001 certification.<\/span><\/span> <span class=\"jCAhz ChMk0b\"><span class=\"ryNqvb\">This already covers a large part of the NEN 7510 requirements<\/span><\/span>. The service is then started and after a certain period the ISO 27001 certification is expanded with NEN 7510. You can read how to approach this extension in the article: <a href=\"https:\/\/brandcompliance.com\/en\/docs\/how-to-expand-with-nen-7510\/\">How to expand with NEN 7510<\/a>.<\/p>\n<p>Do you have additional questions? Please <a href=\"https:\/\/brandcompliance.com\/en\/contact\/meet-brand-compliance\/\">contact<\/a> one of our specialists. They will be happy to help you.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The standard NEN 7510 focuses on the following target groups: healthcare institutions; other administrators of personal health information. In this article, we highlight a situation&#8230;<\/p>\n","protected":false},"author":22,"featured_media":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_acf_changed":false,"footnotes":""},"doc_category":[2361],"doc_tag":[],"class_list":["post-20230","docs","type-docs","status-publish","hentry","doc_category-nen-7510-en"],"acf":[],"year_month":"2026-04","word_count":249,"total_views":"3416","reactions":{"happy":"0","normal":"0","sad":"0"},"author_info":{"name":"Hilde","author_nicename":"hilde","author_url":"https:\/\/brandcompliance.com\/en\/author\/hilde\/"},"doc_category_info":[{"term_name":"NEN 7510","term_url":"https:\/\/brandcompliance.com\/en\/docs-category\/nen-7510-en\/"}],"doc_tag_info":[],"knowledge_base_info":[],"knowledge_base_slug":[],"_links":{"self":[{"href":"https:\/\/brandcompliance.com\/en\/wp-json\/wp\/v2\/docs\/20230","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/brandcompliance.com\/en\/wp-json\/wp\/v2\/docs"}],"about":[{"href":"https:\/\/brandcompliance.com\/en\/wp-json\/wp\/v2\/types\/docs"}],"author":[{"embeddable":true,"href":"https:\/\/brandcompliance.com\/en\/wp-json\/wp\/v2\/users\/22"}],"replies":[{"embeddable":true,"href":"https:\/\/brandcompliance.com\/en\/wp-json\/wp\/v2\/comments?post=20230"}],"version-history":[{"count":0,"href":"https:\/\/brandcompliance.com\/en\/wp-json\/wp\/v2\/docs\/20230\/revisions"}],"wp:attachment":[{"href":"https:\/\/brandcompliance.com\/en\/wp-json\/wp\/v2\/media?parent=20230"}],"wp:term":[{"taxonomy":"doc_category","embeddable":true,"href":"https:\/\/brandcompliance.com\/en\/wp-json\/wp\/v2\/doc_category?post=20230"},{"taxonomy":"doc_tag","embeddable":true,"href":"https:\/\/brandcompliance.com\/en\/wp-json\/wp\/v2\/doc_tag?post=20230"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}