1. General information
In order to provide good emergency medical care, the GP Emergency Post records data about you. We do this following the General Data Protection Regulation (in Dutch: AVG). This Act states that an organization using personal data has certain obligations and the person whose data are recorded has certain rights. In addition to this general law, specific rules apply to privacy in healthcare. These rules are stated, among other things, in the Medical Treatment Contracts Act (the Dutch law WGBO). This privacy statement is intended to inform you about your rights and our obligations that apply under the AVG and the WGBO.
2. Use of your personal data
When you contact us or you visit the GP Emergency Post or a GP arrives at your home in case of emergency care, various personal details can be processed. We record this information in an electronic patient record. This is necessary to provide good medical care and for the payment of your treatment. In addition, processing this data may be necessary to, for example, prevent or treat possible health hazards, or to comply with legal obligations.
We process the following categories of personal data:
- Name, address and residence
- Date of birth
- Phone number
- Citizen service number (in Dutch: BSN)
- Insurance data
- Your GP or medical specialist
- Medical data
We can also receive data from other healthcare providers, including your own general practitioner or pharmacy, in case you are registered with a Dutch general practitioner and pharmacy. In order to monitor and improve the quality of our services, we record telephone calls. The recordings of these conversations can be used in case of a complaint or incident. These recordings are saved for a maximum of 2 years. For your and our safety, camera images are recorded in the waiting rooms of our GP Emergency Post in the hospital where the GP Emergency Post is located. In case of an incident, relevant images can be secured so that they remain available for further analysis of the incident.
3. Why do we process your data?
According to the AVG, the ‘Stichting Huisartsenpost Maastricht en Heuvelland’ is responsible for the handling of your personal data. Your data are collected to:
- provide emergency care by staff at the GP Emergency Post and by the on duty GP,
- declare the expenses with your health insurance,
- monitor the organization’s own quality and operational management,
- justify provided healthcare to health insurers, based on anonymized data,
- support scientific research, education and information.
4. Scientific research
The registered data can be used for statistics on sickness and health and for scientific research into medical treatments. Here, strict rules apply to protect your privacy. Information which your identity can rerveal (such as your name and address) will be removed. If it is necessary for the research to know who you are, we will always explicitly ask for your permission. If you have any questions or you do not want your data to be used, please contact our organization.
5. Retention period of your data
Your personal data will not be kept longer than necessary for proper care. For medical data, this storage period is normally 20 years (since the last treatment), unless longer storage is necessary, for example for the health of yourself or your children. This, according to the WGBO. Telephone conversations are stored for 1 year. If there is a report, telephone conversations are stored in accordance with the statutory retention period.
6. Who has access to your data?
Only care providers and employees who are directly involved in your request for care can consult your data. This includes, among other things: the triagist (licensed doctor’s assistant) with whom you have telephone contact, the general practitioner who treats you and the doctor’s assistant from the GP Emergency Post. They only consult your file as far as necessary for your treatment. In the event of a complaint, it may be necessary for the complaints officer and supervisor of the GP Emergency Post to have access to your file and possibly in the recordings of telephone conversations and/or camera images. You have to give permission for this separately.
7. The passing on of your personal data to third parties
The employees of our organization have the obligation to handle your personal data confidentially. This means, for example, that your explicit consent is required for the transfer of your personal data to third parties. There are, however, some exceptions to this rule. Based on legal requirements, the oath of secrecy of the care provider can be broken, but also when there is a serious danger to your health or that of someone else. In addition, recorded data can be exchanged verbally, in writing or digitally with other care providers involved in your treatment, if necessary. For example with the ambulance service, a specialist in the hospital to whom you are referred or the pharmacist who processes your prescription in order to provide you with the right medication.
8. Exchange of data
To improve the quality of patient care, the most important information from your medical records of your Dutch general practitioner and Dutch pharmacy can be consulted by the triagist and the GP on duty at the GP Emergency Post via the LSP or Whitebox. This information can only be requested by us if you have given specific permission to your own Dutch general practitioner and/or pharmacy. If you have contacted us by telephone, if you have visited the GP Emergency Post or our on duty GP has visited you, a summary of your contact or visit will be sent back to your Dutch doctor. By doing so, your GP knows exactly for which complaints you have contacted the GP and what actions have been taken. The system does not provide exchange of data with your doctor or pharmacy abroad.
9. Security Measures
We have taken several organizational and technical security measures to protect your data. In this way all employees are informed and made aware of the privacy sensitivity of your data and that they must handle it carefully and under strict confidentiality. In addition, we have taken various technical measures to protect our computer systems and network connections against unauthorized access. If, in spite of these measures, third parties gain unauthorized access to your data, we will report this to the Dutch Data Protection Authority.
10. Your rights
You have the right to review your data. If, according to you, this information is incorrect, you have the right to have this data corrected, supplemented or removed. In some cases it may not be possible to (fully) comply with your request, for example if your review leads to an infringement of the privacy of others or when deletion of data has the consequence that no good medical care can be delivered to you. If you wish to use your rights, you can request this verbally or in writing using the contact details below. Your interests can also be looked after by a representative (such as a written representative, or your curator or mentor).
11. Question or Complaint
If you have a question or complaint about the way we handle your data, please contact our Data Protection Officer. The contact details are listed below. If you cannot come to an agreement with our Data Protection Officer, you have the right to file a complaint with the Dutch Data Protection Authority.
12. Contact details
Stichting Huisartsenpost Maastricht en Heuvelland
regarding the Data Protection Officer
PO Box 5800
6202 AZ Maastricht
Phone: 043-387 7538