New Dutch law regulating electronic exchange of medical data between healthcare providers

On 19 October 2016, a new law regulating the electronic exchange of medical data between healthcare providers was published, amending the Act for use of social security numbers in healthcare (Healthcare Market Regulation Act) and the Healthcare Insurance Act. The new law aims to improve the privacy of patients and imposes new security standards for the protection of medical data.

At present, the electronic exchange of medical data takes place on a regular basis, for instance between general practitioners and pharmacies. Under the new law, healthcare providers may only place patient records in an electronic exchange system with the patient’s prior explicit consent. Each patient can review his electronic records and determine which healthcare provider may receive his patient records by electronic means and which information can be shared.

A healthcare professional may only access the patient records within the electronic exchange system in order to ensure adequate treatment and provided the patient has explicitly consented thereto. Healthcare professionals who have not obtained consent may exceptionally access the electronic patient records where absolutely necessary to ensure immediate adequate treatment is given to the patient.

The new law also forbids health insurers and occupational physicians to access electronic exchange systems containing patient records and sets fines for health insurers that misuse such systems.

Healthcare providers have a three-year transitional period to adjust their systems to the new requirements of the law which comes with the support of the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).

A prior version of this post was originally published by the same authors in Practical Law – Life Sciences, October 2016 Issue (Thomson Reuters).

This post was originally co-authored by Elsie Troll.