Privacy statement according to the GDPR – in short
In my practice I work with 2 categories of personal data of my patients, the patient file and the financial administration.
1. The patient file
For proper treatment it is necessary that I, as your practitioner, create a file. This file is only on paper and is not stored digitally. Creating a file is a legal obligation imposed by the Medical Treatment Agreement Act (WGBO). Your file contains your personal data, notes about your state of health and data about the examinations and treatments carried out. The file also includes information that is (or may be) necessary for your treatment, such as your living and working situation, hobbies, family situation/marital status. Or data that, after your explicit permission, has been requested from your general practitioner or another healthcare provider.
Only myself, any trainee present (with your permission) and my deputy in my absence (with your permission) have access to the data in your file. Everyone has a duty of confidentiality.
2. The financial administration
My agenda and financial administration have been digitized. The online agenda service is obliged to keep the data secret and to secure it properly by means of a GDPR processing agreement. The servers are located in the Netherlands. I do the bookkeeping myself; its data are in the cloud, encrypted with end-to-end encryption. That means that the data are stored encrypted and can only be made readable on my own computers. The servers are located in countries that comply with EU data protection regulations (GDPR). The cloud service has signed a GDPR processing agreement with me.
An important point of attention for you as a patient is the email you send me. Emails via the contact form on the practice website or via your own email program are secured with SSL. This means that the information is sent encrypted and cannot be intercepted en route. However, if your own PC/tablet/smartphone would be hacked, it is possible that the content will become available to third parties. Therefore you may consider to share information that is particularly confident only while you are present for a treatment.
In accordance with the General Data Protection Regulation (GDPR), I do my best to guarantee your privacy:
- by handling your personal and medical information carefully
- by ensuring that unauthorized persons do not have access to your data
I am a member of the Dutch Association for Acupuncture (NVA) and therefore bound by its Privacy Regulations. You can view these regulations on the NVA website www.acupunctuur.nl Via the NVA I am also a member of the Koepel Alternative Treatment Method (KAB).
Do you want to know more? Here you will find exactly which data I record and what your data is used for. Your legal rights are also mentioned.
version jan 2022