Large amounts of personal data are processed when carrying out the health screening program. For instance, we receive personal data from the Personal Records Database (BRP), which we need to invite the target group of that specific health screening. Special category data of participants is also registered (such as the result and any medical information provided by the participant). How we process the data, the purposes for which the data is used, the organisations with which we share the data and how we safeguard privacy have been recorded in the National Health Screening Privacy Regulations. A summary of these regulations is given below.
Frequently asked questions
What data do we have?
A data set is determined for each health screening program. This comprises the data we need to carry out the health screening, for any referrals to healthcare and for quality control. The data sets are determined by the Netherlands National Institute for Public Health and the Environment (RIVM) in consultation with the program committee of the relevant health screening program.
We receive your personal data from the Personal Records Database in accordance with article 3.3 of the Personal Records Database (BRP) Act.
For what purpose do we use the data?
We use the data to:
- carry out the health screening (invitations, the screening test, issue the result and make any necessary referrals);
- monitor the quality of the health screening program;
- contribute to the evaluation of the health screening program;
- contribute to scientific and statistical research in healthcare.
Who processes the data?
The data is processed by the screening organizations. Together, these are responsible for all data processing in the national information system via the Facilitating Health Screening Partnership (FSB). Other parties are engaged for certain sections of the health screening (for instance for the analysis of smear tests and stool sample tests). We have signed a processor agreement with these parties, in which agreements are recorded with respect to privacy and data protection.
With whom do we share data?
We share data with:
- GPs who are involved in carrying out the health screening;
- healthcare providers to which the participant is referred for follow-up consultation;
- parties that are involved in monitoring and evaluating the health screening program and scientific researchers. Researchers cannot trace any data that is used for this to individuals.
How do we protect your data?
In processing data we comply with the General Data Protection Regulation (GDPR) and the ‘Legal Framework for Data Exchange in Cancer Screening’ (RIVM, 2017).
Data processing also satisfies the NEN-7510 and ISO27001 information security standards. This means that we have an extensive information security policy. We work in accordance with a strict role and rights system, in which it is stated who may access which data. All employee actions are logged and we use secure connections.
We have appointed a Data Protection Officer, Sandra Blauw (firstname.lastname@example.org).
How long do we save your data?
We employ the standard storage period as detailed in the Medical Treatment Contracts Act (WGBO) and we save your personal data for 15 years. A shorter period applies to some data. This concerns data that, according to the professional standard, are no longer relevant for the implementation of the health screening.
Right to access your file: which of your data do we process?
If you wish to know which of your data we process, you can request access to this. You will then receive an overview of the data that is recorded in our system. You can contact the screening organisation for this. We will send an application form on which you should indicate the data you wish to access. Once we have received your completed and signed form, we will set your request in motion.
Correction, transfer or erasure of my data. Is this possible?
You have the right to indicate that you would like us to supplement, protect, correct or erase your data. You also have the right to receive your data if you wish to transfer these to another party. After submitting a request for this, you will receive a written notification within one month of receiving application, stating whether and to what extent we can comply with your request. If you wish to modify data that we have received from an external source, you should contact the relevant body.
I have a complaint about data processing. Who should I contact about this?
You can contact our Complaint Officer or our Data Protection Officer (Sandra Blauw, email@example.com).
I do not want my data to be processed or shared. How can I object to this?
If you do not want us to process or share your data, you can object to this. The objection options differ per health screening. This relates to the working method and processes that take place within the various health screening programs. The objection options and an explanation of these can be found on the ‘Objection’ page.
You can file an objection via the digital client portal, My Health Screening. You will need your DigiD to log in. You can also contact us to request an objection form, or download an objection from our site. Your objection will be processed once we have received a signed objection form. You will receive a written confirmation of this.
You can withdraw any objection you made at any time. We can no longer retrieve data that has previously been deleted from the system.