Access to the health data file

Initially, your health data file is accessible to the care provider who treats you. In addition, other care providers can have access to your file if they are involved in your treatment. For example, your doctor may work with an assistant or ask a colleague for advice. Care providers who have access to your file have an obligation of confidentiality.

On this page

Access within the practice or institution

The care provider who treats you can also give other employees of the practice or institution access to your file. Your care provider does not have to ask your consent for this.
The employees who are given access must be involved in your treatment. And access must be necessary for their tasks.


These could also be employees of the secretariat or the financial department, for example. Or observers or deputies. This is stated in the Medical Treatment Contracts Act (WGBO).


If you object to your data being shared with certain employees, the care provider is not allowed to provide them with the health data. If this gets in the way of good treatment or care, the care provider must discuss this with you.

Access for care providers from another practice or institution

Access to the file applies in addition to the General Data Protection Regulation (GDPR) and other legislation, such as the WGBO, the Youth Act and the Social Support Act (Wmo) 2015.
This legislation regulates professional secrecy. This means that no information from the file may be shared with others outside the practice or institution without the patient’s or client’s consent.

Electronic exchange system

If your care provider uses an electronic exchange system so other care providers (outside the practice or healthcare institution) can consult patient data, your care provider may only exchange your data via this system if you have been informed about this and have given your explicit consent for this.


If you have given your consent, these other care providers can view your file if this is necessary for your treatment or care. For example, at the out-of-hours GP surgery. You don’t know in advance who will ultimately view your data.

National Exchange Point (LSP)

The National Exchange Point (LSP) is an example of an electronic exchange system for which you can give your consent. For more information, visit thewebsite Volgjezorg.

Giving consent multiple times


There are several regional electronic exchange systems for care providers to share data. This means you may be asked in several places and by several care providers whether you want to give your consent for this.

Quick answers

What happens to my health data file if I get a different family doctor?

If you get a different family doctor, your former family doctor will transfer your file to your new family doctor if you give your consent for this. Your former family doctor must ensure that your file is transferred to your new family doctor in a secure manner.


You should also be given the opportunity to add a personal statement to your file if you wish. You can also ask your former family doctor to erase certain data, for example, because it is old or no longer relevant. Not all data can be erased, as some data may be necessary for proper treatment. Your doctor will make that decision.
 

Can my (new) dentist collect my medical data via a questionnaire?

Yes, that is permitted. But your dentist may only ask questions that are necessary for proper treatment. For example, your dentist needs information about your health in order to give you an anaesthetic.

Do I have the right to know who has looked at my health data file?

Yes. You have the right to know who has looked at your file (logging). You may also request an electronic copy (Article 15e Wabvpz) of the logging, containing overviews of who:

  • has made information available in the electronic exchange system and on what date;
  •  has viewed or requested information and on what date.
     

Where can I find it?

Article 7:457 Dutch Civil Code
Article 7:457, paragraph 2 Dutch Civil Code
Article 30 GDPR Implementation Act

Article 9 GDPR