
NEN 7510 certification: take care of your confidential information
What is NEN 7510?
NEN 7510 can be used by any healthcare organization, regardless of the nature and scope of the business process. NEN 7510 certification is also relevant for suppliers who are active in this sector (think of software developers and hosting companies). They will be confronted with this standard the moment they process patient data as laid down in the Personal Data Protection Act (Wbp). The standard therefore focuses on the entire healthcare chain, from individual healthcare providers to large healthcare institutions and suppliers such as network organizations, cloud providers, providers of SaaS IT solutions and healthcare insurers.
As a care institution or healthcare provider, how do you ensure that information about patients, performance indicators etc. is handled confidentially and securely within your organization? Based on the ISO 27001 and ISO 27002 data security standards, NEN 7510 provides you with a framework for information security that is fully focused on application in the Dutch healthcare sector. The experts at Kiwa have everything to prepare your organization for certification in the field of information security.
Under a magnifying glass
Information plays an increasingly important role in healthcare. Patient data and data on medical conditions, etc. are an important weapon for healthcare providers against duplicate examinations, medical errors, etc. More and more information is stored and exchanged in the healthcare sector. This information is almost always confidential in nature and healthcare institutions are therefore under a magnifying glass when it comes to the way they handle data. It is therefore not surprising that healthcare providers increasingly want to be, and should be, 'in control' of how information is handled within their organization.
NEN 7510 certification
NEN 7510 has been specially developed for the Dutch healthcare situation and helps healthcare organizations to take appropriate security measures. Topics that are discussed include safeguarding the availability of data and the integrity and confidentiality of all information for responsible care for patients.
The certification describes measures to deal with information adequately. According to the standard, these measures must be designed in such a way that they can be checked with the help of the NEN 7510 checklist. NEN 7510 applies to the security of all types of information in and between the relevant organizations and all possible forms in which that information is displayed, recorded and transferred. To determine the required guarantee of confidentiality, integrity and availability of the information, a risk assessment is required.
Adequate information security
Since 2008, healthcare organizations have been required to comply with NEN 7510 in accordance with the Citizen Service Number Regulations in Healthcare. As a result, the standard has a mandatory character: when providing responsible care, patient data must be adequately secured. NEN 7510 can be the appropriate means for this. This means that information security falls under the supervision of the Health Care Inspectorate (IGZ), which uses the standard when testing whether healthcare institutions are taking the right measures to implement and maintain adequate information security.
Certification process
The certification process at Kiwa starts with a tender request in which the certification costs are also defined. After the conclusion of a certification agreement, an independent investigation is conducted in which Kiwa assesses whether the criteria for NEN 7510 certification are met. If necessary, Kiwa can help you improve the processes surrounding information security within your organization with a step-by-step plan. If the result of the investigation is subsequently positive, certification follows. The NEN 7510 standard is often supplemented with NEN 7512 (data exchange) and NEN 7513 (logging patient file).
More information?
Kiwa has experts in the field of information security. They have extensive experience with the implementation of the NEN 7510 audit and ISO 27001 certifications. As a result, their knowledge is always up-to-date and they can be of service to you in numerous knowledge areas. A number of Kiwa auditors are registered EDP auditors (RE), which means that they have followed a post-graduate IT audit course after their university education and are registered in the EDP auditor register of NOREA, the professional organization of IT auditors. Do you want to know more about NEN 7510? About the process itself or the certification costs? We are happy to tell you more about it.
ISO 27001 certification - A solid base for information security
ISO 27001 helps you to deal with information security in a structured way. Kiwa’s experts can certify your organisation against this internationally recognised standard and thus lay the foundation for a process-based approach to data security.

ISO 27701 Certification Privacy Management System
ISO/IEC 27701 – an extension of the ISO 27001 standard – contains specific management measures for the protection of privacy-sensitive information. Based on ISO 27701, organisations that already work with an Information Security Management System can upgrade their system to a Privacy Information Management System.

NIS2 European Cybersecurity Directive
Cybersecurity remains a hot topic, not only due to the increasing number of hacks and ransomware attacks but also from the perspective of regulators and the evolving legal framework in this area. European member states are currently preparing for the transposition of the Network and Information Security Directive 2 (NIS2) into national legislation.

ISO 27017 Information security for cloud services
Are you a provider or customer of cloud services? With certification against the international standard ISO 27017:21 you can demonstrate to your stakeholders that you are aware of the security risks of storing and processing information in the cloud and that you have taken measures to minimise these risks.

In control of sensitive information with Kiwa's GDPR certificate
Do you want to demonstrate that your business operations comply with the General Data Protection Regulation (GDPR)? With a GDPR audit by Kiwa and the resulting GDPR certificate, you can show that you are in control when it comes to protecting sensitive privacy information.

ISO 9001 Quality Management
ISO 9001 is the international standard for quality management systems. Kiwa has extensive experience with ISO 9001 certification. With auditors active in a wide range of industries, we have all the sector knowledge needed to make your certification process a success.

Demonstrating internal control: ISAE and SOC reports enhance customer confidence
Organizations are increasingly requesting suppliers to provide an ISAE or SOC report. Especially now that more organizations are handling privacy-sensitive customer information, demonstrable focus on information security and cybersecurity is becoming increasingly important. Kiwa has years of experience in ISAE and SOC reporting and can conduct the audit for you.
