NEN 7510: Information security in Dutch healthcare
Information security is of crucial importance in many sectors, especially in healthcare. After all, sensitive medical and patient data needs to be managed and shared between organizations. It is essential that this sensitive information is protected against unauthorized access. However, building the right protection measures poses a significant challenge in healthcare. Large amounts of data are used, with various parties involved in collecting, storing and processing this data. Healthcare providers, patients and health insurers are together part of a complex network. In this blog we discuss how NEN 7510 contributes to information security in healthcare.
NEN 7510 is a Dutch standard that sets requirements for information security in healthcare. It is derived from the international standard ISO 27001, the standard for information security. Below, we will discuss NEN 7510 in more detail. We will also answer the following three questions:
- What are the benefits of NEN 7510?
- Is NEN 7510 mandatory?
- What are the requirements of NEN 7510 for information security in healthcare?
At this time it is not yet known exactly what the transition audit from NEN 7510:2017 to the new version NEN 7510:2024 will entail. We expect to get more clarity from the scheme manager and the Raad voor Accreditatie (Accreditation Council) by the end of Q1 2025 regarding the impact on audit time and transition times.
For the most up-to-date status, please visit the NEN website: NEN 7510 certification and seals of approval
DEKRA will apply for accreditation for the revised version of the NCS 7510 certification scheme. DEKRA is expected to achieve this accreditation between September and November 2025.
Please note that until DEKRA is accredited for NEN 7510:2024, audits performed in accordance with this new standard will not be valid.
Is NEN 7510 mandatory for information security in healthcare?
NEN 7510 was developed for information security of data managed by all types of providers in healthcare, such as hospitals, nursing homes and other healthcare institutions. Is it also mandatory to comply with this standard? The short answer is: yes. Healthcare institutions are required to comply with the requirements of NEN 7510. This also applies to other parties that process personal health information.
Regulation on the use of Citizen Service Number & GDPR
The 'Regeling gebruik Burgerservicenummer' (Regulation on the use of the Citizen Service Number) states that healthcare organizations must comply with NEN 7510. This regulation is part of the 'Law on additional provisions for the processing of personal data in healthcare'. In addition, with NEN 7510 you largely comply with the requirements of the General Data Protection Regulation (GDPR). The GDPR requires organizations to adequately secure personal data.
Is a certificate required for NEN 7510 information security in healthcare?
Organizations that work with medical data and patient data must be able to demonstrate that they are in compliance with NEN 7510. This can be done by certification, but it is not mandatory. Certification is certainly sensible. In addition to ensuring that you comply with the standard, certification also offers other advantages. A NEN 7510 certification includes periodic audits in which a check is carried out to see whether your organization still complies with the standard. The auditor brings in a fresh perspective and looks at your work processes and systems. Afterwards, you'll be informed if improvements are needed. Would you like to read about other important certifications in healthcare?
Are you considering having your organisation certified for NEN 7510? At DEKRA, we have been conducting audits in healthcare since 1995. Read more information about our working methods and the certification process here.
All about NEN 7510 certification
What are the requirements of NEN 7510 for information security in healthcare?
There are too many requirements specified in NEN 7510 to list them all in this blog, but we would like to give you a rough idea of what it entails. The standard is divided into two parts:
Information security and risk management
Risk management plays a major role in the standard. Creating a clear picture of the existing risks is an essential step towards information security. You therefore map out the risks, how big they are and what the consequences are in the event of an incident. In addition to risk management, the standard also discusses control measures; these include setting up an information security policy and access security. You implement the standard step by step in your organisation. Finally, you have the choice whether or not to certify yourself against NEN 7510.