Confidentiality of Your Medical Data 

Fact sheet number 33B, July 2008

This fact sheet is intended for the data subject, i.e. the individual whose personal data is being used.

This fact sheet will answer the following questions:

You may be changing dentists and would like to know whether your current dentist must transfer your original file to your new dentist. Or perhaps you would like to know which staff members have access to your medical file in the hospital. Or maybe your father recently passed away and you would like to know whether your GP’s obligation to maintain medical professional secrecy continues after your father's death.

The relationship between you and your care provider is regulated by law. The Wet op geneeskundige behandelingsovereenkomst (WGBO) [Medical Treatment Contracts Act], among others, lays down the rights and obligations of patients and care providers.

Professional secrecy and duty of confidentiality
The duty of confidentiality is the obligation to maintain the secrecy of confidential information provided by individuals. Some parties have a duty of confidentiality pursuant to their profession, others in respect of the office they hold, or as a result of a statutory regulation that provides for secrecy. Secrecy and confidentiality can also be agreed in a contract.

Pursuant to Article 88 of the Individual Healthcare Professions Act [Wet op de Beroepen in de Individuele Gezondheidszorg], physicians, dentists, pharmacists, healthcare psychologists, psychotherapists, physiotherapists, obstetricians/midwives and nurses must observe medical professional secrecy. Medical professional secrecy is further defined in the WGBO. The WGBO constitutes part of the Burgerlijk Wetboek (BW) [Civil Code]. Article 7:457 of the BW also imposes an obligation to maintain secrecy on the institution by which the care provider is employed. In addition, the duty of confidentiality of social workers, for instance, is regulated in a professional code. Further information about the scope of the duty of confidentiality of occupational physicians can be found in chapter 2.3 of the study entitled The sick employee [De zieke werknemer], a publication of the Dutch Data Protection Authority (Dutch DPA) [College bescherming persoonsgegevens (CBP)].

Medical professional secrecy means that a care provider cannot disclose your data to other parties. Medical professional secrecy continues to apply after your death. However, strict enforcement of this rule would mean that, after your death, no information about you could be provided to anyone at all. This could result in situations that you might not have wanted. Further information about providing family members with access to the medical file of a (deceased) family member can be found in the fact sheet entitled Your rights as a patient [Uw rechten als patiënt].

Breaching medical professional secrecy
Medical professional secrecy can only be breached in the following cases:

  • you have given consent or
  • it concerns the exchange of information with parties directly involved in your treatment or
  • pursuant to statutory regulations or
  • if there is a conflict of responsibilities or
  • for scientific research

Consent
You must be fully informed before you can give your consent. If you are under the age of 16, information can be disclosed to your legal representatives without your consent, unless the disclosure of such information on the part of the care provider can be considered to be contrary to the care provider’s duty of appropriate care.

Parties directly involved in your treatment
Information can be shared with persons who are directly involved in the realisation of the treatment contract and with the care provider's substitute, insofar as this exchange of information is essential to their work. It is assumed that the patient has consented to such exchanges of information. However, if you do object, no medical data may be disclosed.

Statutory regulation
Examples are stipulations in the Wet op de lijkbezorging [Burial and Cremation Act] and the Wet bestrijding infectieziekten en opsporing ziekteoorzaken [Control of Infectious Diseases and Investigation of Causes of Disease Act].

Conflict of responsibilities
A conflict of responsibilities may occur if a substantial interest of yours or of someone else justifies a breach of the duty of confidentiality, because maintaining secrecy would constitute a serious detriment or risk to yourself or the other party. Conflicts of responsibilities occur only very rarely and must constitute an emergency situation. One example may be the reporting of child abuse. The care provider must have made every possible effort to resolve the problem without breaching his duty of confidentiality. This almost always concerns averting danger. This careful consideration must be made by the care provider himself. The care provider must be able to substantiate his reasons for breaching the duty of confidentiality he has to you.

Scientific research
Your medical data can only be disclosed for scientific research on certain conditions. These conditions can be found in the fact sheet entitled Handling of your medical data [Omgang met uw medische gegevens].

For other care providers with a duty of confidentiality the rule applies that they must determine the scope and limits of their duty of confidentiality in a comparable fashion per individual case. In some cases the Courts can also order care providers with a duty of confidentiality to breach secrecy by providing information or data for research purposes.

Access to your medical file
In practice many medical files are partly or fully stored electronically, sometimes in combination with a hard copy. These local files are referred to as electronic medical files. An electronic patient file (EPF) is a system of electronic sub-files relating to one patient, which, if necessary, can be remotely consulted by care providers. Such a system is expected to relate to the entire care chain and should, in theory, contain all sub-files for one patient. In other words, the EPF is a collection of all the locally stored electronic medical files. An EPF will therefore contain data provided by the patient’s GP, the hospital in general, the specialist, the pharmacy, the paramedics etc.

However, not everyone has access to your (electronic) file. Access is restricted to the parties directly involved in your treatment. Those who are directly involved in the realisation of the treatment contract and those who act as a substitute for the treating party do not need your express consent to obtain essential information about you in the context of their responsibilities. This group of parties who are directly involved in your treatment are referred to by the term ‘functional unit’.

‘Parties directly involved in your treatment’ may be, for instance, a nurse or a fellow practitioner your care provider consults with a view to your treatment. The code of conduct of the Koninklijke Nederlandse Maatschappij ter bevordering van de Geneeskunst (KNMG) [Royal Dutch Medical Society] documents what is considered a ‘functional unit’. For instance, a secretary can only have access to the part of the file prepared by the physician who employs her. Or if a nurse in the surgical department is not involved in the treatment of the patients of an internal department, he/she cannot have access to their files. Another example is the exchange of medical files by an out-of-hours surgery. In the context of evening, night and weekend shifts it is generally possible to exchange medical files between the out-of-hours surgery and the physicians associated with it. However, the GP must notify patients of this situation, for instance via a patient leaflet, and give them the option to object if they wish.

Transfer of your medical file
The KNMG has formulated a guideline for the procedure to be followed after the termination of your treatment contract. This guideline stipulates that, at your request, the care provider must be prepared to send his original data by registered mail to the subsequent care provider, or make this data available to you. With regard to the transfer of a file the guideline also stipulates that the care provider must evaluate the contents of the file to determine whether the data therein is essential for the care provision by another care provider. Before the care provider transfers the file he can give you the option to add a personal statement to the file or to submit a request for the destruction of your entire file or part thereof. Further information about these aspects can be found in the fact sheet entitled Your rights as a patient [Uw rechten als patiënt].

A file can only be disclosed during a treatment contract if one of the exceptions to the medical professional secrecy obligation is invoked. The Dutch DPA feels that your consent for the disclosure of your file can be assumed if you agree to your treatment being passed on to another provider. If the Wet bijzondere opnemingen in psychiatrische ziekenhuizen (Wet BOPZ) [Psychiatric Hospitals (Compulsory Admissions) Act] applies, data can be disclosed to the care provider taking over the treatment without the patient's consent, pursuant to the Besluit Patiëntendossier BOPZ [BOPZ Patient File Decree].

In the case of electronic files the issue is access to your data rather than transfer of the file. When you change to a different care provider it is necessary for the new care provider to have access to the necessary data.

Disclosure of your medical data to other authorities
The confidentiality of all the facts a care provider knows about you is your right. However, provided he observes the standards associated with medical professional secrecy your care provider is, in some cases, able to disclose your medical data to third parties. A number of examples follow below.

Health insurance companies
Generally speaking, care providers are allowed to disclose data about your treatment to health insurance companies insofar as this is required for the realisation of the health insurance contract. This sufficiently guarantees the medical professional secrecy and prevents non-essential distribution of individual patient data. On 24 February 2004 the Dutch DPA and the Ministerie van Volksgezondheid, Welzijn en Sport [Ministry of Health, Welfare and Sports] sent a joint letter to the interested parties in the context of the Diagnose behandeling combinatie (DBC) [Diagnosis Treatment Combination (DTC)]. Among other things, this letter, Werkwijze omtrent privacyaspecten bij de invoering van DBC-systematiek vastgesteld [Determination of the working method relating to privacy aspects in the introduction of the DTC system], further defines the ‘necessity requirement’ (objective of the disclosure of the data, nature and scope of the data disclosed).

Administration offices, debt collection agencies and factoring companies
Care providers do not always do their own invoicing and payment collection. They use administration offices, debt collection agencies or factoring companies. Such service providers require medical data to enable them to create itemised invoices.

If the care provider avails himself of the services of an administration office your consent for the disclosure of the necessary data can be assumed. It is, however, a condition that the administration office is a processor within the meaning of the Wbp [Dutch Data Protection Act]. A processor processes data for the controller, without being subjected to the immediate authority of this controller. A processor cannot use any personal data for its own purposes. It is only allowed to process the data in accordance with the instructions of the controller. This means that the care provider remains responsible for the administration office’s careful and appropriate use of the data disclosed.

If you do not fulfil your payment obligations the care provider may employ a debt collection agency. Your consent for the disclosure of the necessary data to a collection agency can also be assumed. However, the disclosure of your data to a collection agency must be preceded by a number of payment reminders that point out this consequence to you. Furthermore, only the essential details for debt collection purposes must be provided, not details such as the nature, number, time and duration of the medical treatments.

If a care provider wishes to use a factoring company to handle his financial administration, your express consent is required.

The police and the Openbaar Ministerie (OM) [Public Prosecution Service]
It is a consequence of professional secrecy that your personal data cannot, in principle, be shared with the police or the OM. However, in a case of force majeure the situation may be different. In such cases the care provider may judge that a conflict of responsibilities requires him to share some of the data that is subject to professional secrecy with a third party. In such cases the initiative will always rest with the care provider. The objective of sharing information that is subject to professional secrecy will always be to avert direct danger or serious detriment to you or someone other than you, not to assist the police or the OM, although this may of course be an unintended consequence.

If you have given your consent, data may be disclosed to the police as long as the care provider feels it does not contravene good care provider practices. In certain circumstances your consent may be assumed, for instance if the hospital is unable to contact your family or your partner in a case where such contact is deemed to be advisable or essential for your best interests. In this case the police may be able to assist in finding your family or your partner (or in tracing your identity). However, in the context of the assistance task of the police, assumed consent cannot be considered to be the rule. After all, the police also have other responsibilities, such as the investigative task. For such other responsibilities, even if they are a consequence of the assistance task, consent to disclose data cannot be assumed.

In cases where consent to disclose data cannot be assumed, the hospital or care provider will have to be extremely reticent in providing information about you (such as your identity), including confirmation of your presence in the hospital. Aside from the above, the police can, if they know a certain person is in the hospital, obtain the necessary information from that person himself or from his legal representative after coordination with the responsible medical party.

The fact sheet entitled Als de politie gegevens over u vraagt [If the police requests your data] provides general information about the disclosure of data to the police. The KNMG also recently published a Handreiking beroepsgeheim en politie/justitie [Guide to professional secrecy and the police/Ministry of Justice] on its website.

Some other authorities in the context of outreach care
In order to deal with social problems, collaboration between organisations may be necessary. For instance, it may be necessary for the Gemeentelijke Gezondheidsdienst (GGD) [Municipal Medical and Health Service] to share information with authorities such as home care agencies, social work agencies, the Geestelijke gezondheids- en verslavingzorg (GGZ) [Dutch Mental Healthcare Association], municipalities, the police and housing associations, in order to provide people with certain basic facilities, care or aid. In most cases, medical professional secrecy will prevent the medical file being disclosed to the other parties within this collaboration. However, in certain cases the professional secrecy can be breached. In the context of outreach care relevant information can be shared with other authorities on the basis of one of the aforementioned grounds for exemption. In such cases, the care provider in question must consider, on an individual case basis, whether he will share data from the medical file. Further information on this subject can be found in the fact sheet entitled Informatie delen in samenwerkingsverbanden [Sharing information in (health)care collaborations].

In the case of questions or complaints
If you feel that your care provider is not handling your medical data correctly, there are a number of options open to you. For instance, you can contest your care provider’s decision to breach his duty of confidentiality by means of disciplinary proceedings, civil proceedings or criminal proceedings.

Every care provider is obliged to establish a complaints commission. In simple and clear cases the complaint can also be handled by a complaints functionary or confidential representative. You can submit complaints about physicians, dentists, obstetricians/midwives, pharmacists, nurses, physiotherapists, clinical psychologists and psychotherapists to a regional Tuchtcollege voor de gezondheidszorg [Disciplinary Committee for the Healthcare Sector]. Alternatively, you can submit a complaint to the Officier van Justitie [Public Prosecutor]. For advice and support you can contact the Zorgbelangorganisatie in your region by mail or by telephone on number 0900 2437070. [There are 13 care associations in the Netherlands, each active in its own region. They act on behalf of those who need care in the region, give information and try to achieve the highest quality in care. Zorgbelang Nederland is the sector organization of the regional care associations.] You can also submit your questions or complaints about the handling of your medical data to the Dutch DPA. Further information about the Dutch DPA’s complaints handling is available in the fact sheet entitled Your complaint and the Dutch DPA [Uw klacht en het CBP].