Obligation to identify
Healthcare providers are legally responsible for establishing the patient’s identity. Patients are asked to bring their insurance details (passport, driver’s license, or identification card) with them to each visit to our clinic. Identification may also be requested in connection with the correct registration in the patient file and to prevent misuse of patient records and insurance data.
To guarantee safe care, we are obliged to check your identity again and again.
For proper treatment, we must keep a medical file. We do this by the Medical Treatment Agreement Act (WGBO) and the General Data Protection Regulation (GDPR). This means that we only use your data for the provision of medical care and the associated administration and that we protect your data against infringement by third parties. In this electronic patient file, all data collected about you are electronically recorded. The electronic patient file contains information about your state of health, the examinations performed, etc.
If you have had a consultation or treatment, this will be passed on to your GP via a secure connection. This keeps them informed of the treatment at our clinic. We can also exchange data with other healthcare providers such as hospitals, pharmacies, physiotherapists, etc. If you do not want your GP to be informed of your visit to our clinic, or if your data is shared with other healthcare providers, you can during the consultation. Your data will then not be forwarded.
In some cases, your care must be declared to the health insurer. For this purpose, diagnostic data and activities performed are linked to declaration codes. This is done by the attending physician. This data is then checked by employees of the financial administration. They will check your name and address, policy details, referral, and other registrations that are important for a correct declaration of the care provided to your health insurer.
To guarantee the quality and safety of our care, we have set up various procedures and (control) systems and we participate in (national) registration systems for care. This concerns internal audits, patient satisfaction and experience survey, and PROMS. Permission is requested for participation in internal audits.
We do not request permission for patient satisfaction and experience research and PROMS because these data processing operations are necessary to guarantee the quality of the care provided. Finally, we do not request permission for processing operations for which we have a legal obligation to report, such as healthcare emergencies or infectious diseases.
We use internal audits to check whether work is being done correctly and whether things can still be improved. During an audit, it may be possible that access to your medical file is necessary, and may also ask you questions. With the results of these audits, we can improve our processes and further educate and train our employees. No personal data can be found in the results/reports of these audits. Naturally, all our employees have a duty of confidentiality.
Patient Satisfaction Survey (PTO)
To further improve our quality of care, we measure patient satisfaction. These are questionnaire surveys that you can complete anonymously. The data from the PTO is not provided to other parties and is only intended for internal quality improvement.
With PROMS we measure whether your treatment has had the intended effect on you. This is important for us to know so that we can provide you with good care. In addition, we anonymize this data and provide data at a branch or institutional level to quality registries, health insurers, or referrers. You can think of something like: “XX percent of our patients experience at least an improvement of more than 75% after surgery”. In addition, we use this data for internal quality improvement.
Registration systems for healthcare
We provide anonymized and aggregated data about our care to several registration systems:
• Healthcare Institute the Netherlands
• Health Care Inspectorate, risk indicators, see also: http://www.igz.nl/onderwerpen/handhaving_en_toezicht/riskindicatorentoezicht/
• The LROI (National Register of Orthopedic Implants)
You have the right to inspect your medical file. If it appears that information about you is incorrect, you have the right to have it corrected or removed by us. It may happen that it is not possible to (fully) comply with a request (for example, if your access leads to an invasion of the privacy of others). You are entitled to a copy of the data from your patient file.
You have the right to request the clinic forward your data to another doctor, a medical institution, or a health insurer. You can also authorize someone to view your file on your behalf or to request a copy on your behalf. Your file will be kept for 15 years from the last consultation.
How do you request a copy of the patient file?
If you would like a copy of your file, please contact us. If you want to have a file of someone else (for example your children or parents you care for), you must submit proof of consent from the patient in question (written authorization or proof of representation).
How do you request access?
You can request access directly from your treating doctor in the clinic, for example, if you speak to him or her during the consultation. If you would like to view your file at another time, you can request this by telephone or in writing. If you want to view someone else’s file, you must have proof of consent from the patient in question.
Who has insight into your data?
Doctors, nurses, surgical assistants, and clinic staff who are involved in direct care may view your data. They use a special login code for this. They only have access to those data in the file that are necessary for the performance of their task and this is also registered. Doctors are bound by professional secrecy and other clinic employees are bound by a duty of confidentiality. Your privacy is guaranteed.
Obligations of our clinic
We are responsible for the security of personal registration. We have taken measures to prevent loss/corruption of data and to prevent data from being viewed or changed by unauthorized persons. Strict measures have also been drawn up for the use and security of the data in the electronic patient record. We are liable for any damage caused by non-compliance with the provisions of the General Data Protection Regulation (GDPR).
We have engaged ICT suppliers for the maintenance and management of our information provision. We have carefully selected these suppliers and have made clear agreements with them about confidentiality and security. If – despite our measures – third parties should gain unauthorized access to your data, we will report this to the Dutch Data Protection Authority.
Complaints or questions
If you have complaints or compliments about the way we handle your data, please contact us. If you cannot reach an agreement with our Data Protection Officer, you have the right to file a complaint with the Dutch Data Protection Authority.
Need a quick consultation and treated quickly?
Then make an appointment now!