Privacy regulations

Digital Patient File Privacy Policy

In order to properly treat patients, Dr. M. Iprenburg of Spineclinic Iprenburg must create and maintain a medical file. Moreover, this is a legal obligation of every health care provider. The file contains notes regarding your state of health as well as details of examinations and treatments you have undergone. The file is also used to store details that are necessary for your treatment. If necessary, with your permission M. Iprenburg can request these details from your family doctor, for example, or from a medical specialist in another hospital.

Privacy

All your medical data is stored digitally. Before you visit Spineclinic Iprenburg, you can complete a list of questions related to your symptoms via the Internet. This information is also stored in your medical file. As a patient you have a right to protection of your personal and medical data. Spineclinic Iprenburg has a strict, written protocol for protection of your personal and medical data. The storage protocol for your data has been registered with the Dutch Data Protection Authority (CBP).

Purpose of processing personal and medical details

Spineclinic Iprenburg processes data, in particular personal data and medical data, appropriately and with due care in compliance with legislation in this area. The Spineclinic makes a distinction between general patient data and medical patient data. General patient data relates to the patient’s identity in the broadest sense, for example name, address and date of birth. Medical patient data relates to the patient’s health. General data is processed by Spineclinic Iprenburg with the intention of enabling the patient to log in and add his or her personal data to his/her medical file. The processing of general personal data is also intended to enable efficient reporting and invoicing.

The individual patient provides medical personal data to M. Iprenburg in order to obtain the best possible medical care. This is in compliance with Article 21 of the Personal Data Protection Act (Wbp). Moreover, in respect to an agreement for medical treatment, Spineclinic Iprenburg is required by book 7, part 7, chapter 5 of the Dutch Civil Code to create and maintain a patient file for a period of ten years. Your insurer has no access to your medical file. Your data will not be used for any commercial purposes. Your data will not be disclosed to any third party without your express permission.

How personal data is processed

Data processed by Spineclinic Iprenburg is adequate but not excessive for the purpose of providing the best possible medical care. As the medical party with ultimate responsibility at Spineclinic Iprenburg, under the law M. Iprenburg is responsible for the correct functioning of all patient files, and the processing of personal data. The legally responsible processor may delegate processing of personal data to employees of Spineclinic Iprenburg. SDS Medical BV is likewise designated a processor of the personal data. SDS Medical BV develops and maintains the software used to store patient data.

SDS Medical BV and Spineclinic Iprenburg are responsible for the proper and correct operation of the facilities in their care. Essential measures have been taken for this purpose to ensure protection and security in the broadest possible sense of equipment and software used to process personal data. These include technical and organizational measures to protect the files from loss, damage or corruption, and to protect the personal data from unauthorized access, modification or publication to third parties.

Provision of information to the patient

As directed by the Personal Data Protection Act, you have the right to inspect your personal data as held on the files of the clinic, and to be provided with a description of the purpose of the data processing, and the type of data that is processed. Spineclinic Iprenburg will allow you to inspect your personal data held by the clinic at any time, on request.

Security measures

The following measures are in place to protect your personal and medical data.

  • The Internet connection used is a secure connection.
  • There is an established security policy that has also been implemented.
  • All data is stored in a secure data centre.
  • Data is stored on two servers in a redundant setup. The data on the servers is automatically replicated so that the patient data can be load-balanced over a third machine for optimum accessibility.
  • The servers are equipped with an optimized firewall to protect the data from unauthorized access. The platform is administered via a virtual private network (VPN), so that it is impossible for anyone to take control of the machines via the Internet.

Notification

The Privacy Policy can be viewed and (optionally) printed by means of the ‘Privacy’ hyperlink on the Spineclinic Iprenburg website. If necessary, additional information can be requested by e-mail to info@rugkliniek-iprenburg.nl.

Destruction of Personal Data

As the directly involved party, the patient has the right to have his/her personal data destroyed. This can be arranged by requesting a special document from Spineclinic Iprenburg. SDS Medical BV will then ensure destruction in accordance with the Medical Treatment Contracts Act (Wgbo), Civil Code, book 7, part 7, chapter 5. The act states that medical details, i.e. the medical file, must be destroyed within three months following submission of such a request, in accordance with article 455.

Complaints

In the event that a patient, as the involved party, believes that Spineclinic Iprenburg is failing to comply with the stipulations of this policy, the Personal Data Protection Act (Wbp) or the Medical Treatment Contracts Act (Wgbo), then he/she should address his/her complaint to M. Iprenburg, the medical party with ultimate responsibility under law. Should this fail to lead to an acceptable result for the patient in question, he/she has the following possibilities:

  • Submit a complaint to the Data Protection Authority (CBP). Following investigation, this authority has the power to enforce an administrative order or even to impose a penalty on Spineclinic Iprenburg for failure to cease the offence.
  • It is also possible to request the Court to have the disputed decision of the Spineclinic reversed.

Statistical research

Once anonymized, the general and medical personal data may be used for research intended to improve the medical care at Spineclinic Iprenburg. This may include the following types of research:

  • Anonymized personal data of groups of people in which the individual visitor is neither identifiable nor traceable may be used to analyse visits to the site for the purpose of improving the service to the visitor.
  • General and medical anonymized personal data of groups of people may be used for scientific research into the quality and effectiveness of the provided medical care.
  • The accumulation of general and medical personal data makes it possible to provide more relevant information to individual patients who have indicated a wish to receive such information. This entails additional information related to the symptoms and clinical state of the patient in question or the medical treatment recommended to him/her.

Description of the processor

Spineclinic Iprenburg is the medical party with ultimate responsibility for the accumulation of personal data. Spineclinic Iprenburg has instructed the company SDS Medical to host the electronic patient file; under law, SDS Medical BV is all the more a processor because it is in a position to view the data. This gives no grounds for concern, as the processing (hosting) takes place entirely automatically.

The processing of personal data by the processor is carried out using an SSL connection, which encrypts the data (makes it unreadable without a key).