Risk management, security and privacy within healthcare

As a healthcare provider, you are obliged to protect the confidentiality of patient and/or client data. The NEN7510 standard has been drawn up both to provide guidelines for this and to serve as a basis for checking compliance. The NEN7510 describes the measures needed to handle patient and/or client data securely.

This standard for information security in healthcare is not optional: all healthcare institutions in the Netherlands must be able to demonstrate to the Health and Youth Care Inspectorate (IGJ) that they meet the requirements of NEN7510. These requirements are therefore the guiding principle in the inspectorate's assessment.

This obligation is based on, among other things, the General Data Protection Regulation (AVG), the Additional Provisions for Processing Personal Data in Healthcare Act (Wabvpz) and the Electronic Data Processing by Healthcare Providers Decree (Begz).


NEN7510: the benefits

The NEN7510 is used to increase your digital resilience. By applying the standard, you demonstrate that your ISMS (Information Security Management System) is in order and that you have reduced digital risks to an acceptable level by implementing appropriate control measures.

Implementing (and perhaps certifying based on) the NEN7510 for healthcare provides some clear benefits regarding information security for your organization:

  • It creates trust for "stakeholders" such as patients/clients, health insurers, providers and regulators.
  • The NEN7510 provides a clear structure and tools to make your entire organization more digitally resilient.
  • The NEN7510 employs a cyclical management system (ISMS), which establishes a clear PDCA cycle to achieve continuous improvement.
  • With certification, you can easily demonstrate that you comply with legal requirements. Without certification, you will have to demonstrate your organization's compliance in another, less efficient way. This is particularly time-consuming if, for example, multiple audits are required.