As a care provider, we frequently deal with (confidential) patient data. We are convinced that the protection of your privacy is of crucial importance.
You must be able to rely on the fact that we treat your personal data in a correct manner and according to applicable laws. The most important laws in this area are the General Data Protection Act (GDPR) and Medical Treatment Contracts Act (WGBO). Complying with these laws means that we only collect your data for certain purposes and that we ensure the confidentiality of your data.
With this privacy statement, we inform you about your rights and our obligations according to the applicable laws.
Care providers from various disciplines work together closely at our locations. You have an own file with each discipline where you are or have been in treatment.
For which purposes do we collect your data?
We of course use your data for providing care to you. We also use your data for processing the (financial) administration and (statistical) quality assessment. Additionally, we inform you about our services. We sometimes ask you to participate in a scientific study or questionnaires. Participation in these is always voluntary. In certain specific cases, we are legally obligated to provide your data to certain government institutions. An example is the obligatory notification of an infectious disease on the basis of the Public Health Act. When you request information or make a complaint, we also use your data in order to respond to you.
What are GZA’s duties?
GZA is according to the GDPR the party responsible for the processing of data which takes place in practice. The practice fulfils the obligations which arise from this as follows:
- Your data is collected for specific purposes:
- for care, the financial processing and the quality of this;
- for targeted management and policy;
- for supporting scientific research, education and information.
- In principle, no processing takes place for other purposes; if there is an intention to use the data for a different purpose, the patient is informed beforehand.
- You are made aware of the fact that your personal data is processed. This can be done by your care provider, but also through a brochure or our website.
- All GZA employees are obligated to treat your personal data confidentially.
- Your personal data is properly secured against unauthorised access.
- Your personal data is not stored for longer than is necessary for proper care.
In principle, this retention period is 20 years (counted from the last change of the data) for medical data, unless longer retention is necessary, for example for your own health or that of your children. This is at the discretion of the practitioner.
When do we collect your data?
We among others collect your data during registration, consultations and telephone conversations. We also receive data from other care providers when you have been referred or when we take over your file from another care provider.
Who has access to your data?
Only care providers who are directly involved in the treatment can consult your data. These include: the care provider who is treating you, the assistant, the nurse practitioner and the care provider to whom you were referred. They only consult your file insofar as is this is necessary for treatment.
However, in some situations it is necessary to bring in an observer. The observer has access to your data insofar as this is necessary for the activities to be carried out.
On the basis of a legal regulation, the care provider may be obligated to grant third parties access to your data. This is also the case if there is a serious risk to your health or that of a third party.
Sometimes your GZA doctor will refer you to another care discipline, such as a physiotherapist, the pharmacy or the hospital. We always request your permission for this using a statement. We only share data after you have given permission for this.
All telephone calls are recorded and stored for three months for the purpose of quality of care. Only when GZA has legitimate grounds to do so, for example in the case of a complaint procedure, GZA can store your telephone records longer than three months. GZA will make sure that this records will be deleted as soon as they are no longer needed in the context of the procedure.
Some locations work together in terms of telephony in order to accommodate peak traffic. In that case, the telephone is manned by different locations during peak traffic, which means you could be transferred to an assistant at a different location. In these cases, the emergency line always rings at the different locations at the same time to enable you to speak to someone quickly.
We have extensive organisational and technical security measures in place to protect your data. GZA works with certified ICT service providers. Sometimes we give third parties the assignment to process your personal data for us for the purposes mentioned above. Your data of course remains entirely confidential. We always conclude contractually that such a third party takes organisational and appropriate technical and security measures.
You have rights with regards to your medical file:
- Right to know if and which personal data about you is processed;
- Right of inspection and receiving a copy of data included in your file, this can be done via this page;
- Right of correction, addition or removal (oblivion) of the data in your file;
- Right to add an own statement (of a medical nature) to your file;
- Right to request partial deletion of your medical data. This request can only be met if the storage of the data is not of significant importance for another and the data do not have to be stored on the basis of a legal regulation;
- Right to object to the processing of data in certain cases
If you wish to exercise your rights, you can make this known to GZA verbally or in writing. Your interests can also be represented by a representative (such as a person with written authorisation or your curator or mentor).
If you have given permission for a certain processing, you can always withdraw this.
Contact and questions
If you have questions or a request with regards to your file, you can contact the location. If you object to a certain information exchange, you can indicate this to your practitioner.
Data Protection Officer
We have a data protection officer. You can contact our data protection officer via email at: firstname.lastname@example.org or telephone number: 070 - 711 24 21.
You can find additional information about your privacy or legislation at the following websites:
Website Personal Data Authority
Website of the Dutch Government