Privacy and the protection of patients’ personal data
The “GDPR” ( General Data Protection Regulation) or in Dutch “AVG” (: Algemene verordening Gegevensbescherming ) is the European privacy legislation, which starts from 25 May 2018.
In line with the legislation regarding the protection of personal data, we ask that you take a moment to read through the main points of the patient privacy regulations. These regulations describe how we use data and your rights as a patient regarding the protection of personal data.
Who is responsible for processing?
The data controller is BVBA Dr F. Kesteloot.
From whom are data processed?
The collection and processing of personal data applies, for all patients of the Oogartsencentrum ZW- Vlaanderen.
Personal data concerning health are collected – by the independent professionals and/or employees of the Oogartsencentrum ZW- Vlaanderen – from the patient himself, unless another collection method forces itself in function of the purposes of the processing or unless the patient himself is unable to provide the data.
What data are processed?
The Oogartsencentrum ZW- Vlaanderen processed personal data of patients are as follows
- identification data, including the national register number
- financial and administrative data relating to admission and
billing, including health insurance fund membership - medical, paramedical and nursing data, broken down into the following modules:
- medical module
- nursing module
- paramedic module
- drug delivery module
- social data (mail address)
- other data necessary for carrying out the purposes determined or imposed
by law (judicial data).
On what legal ground is the processing of personal data possible?
Doctors and staff of the Eye Medical Centre ZW- Vlaanderen may only process personal data if this is also done lawfully.
The processing of patients’ personal data may include:
- the provision of healthcare services.
- The law on compulsory insurance for medical care.
- Legal claims
Within the hospital, what are the processing purposes?
Within the limits of this legal framework, the processing of patients’ personal data within the Eye Doctors’ Centre ZW- Vlaanderen has in particular one or more of the following purposes in mind:
patient care: performing preventive medicine or making a medical diagnosis, providing (medical, paramedical, nursing and social) care or treatment to the person concerned or a relative or managing health services, in the interest of the person concerned;
patient administration: follow-up and treatment of patients for billing purposes;
patiëntenregistratie: recording medical data of patients for internal government-mandated
government-mandated purposes, as well as for research and policy purposes;
drug management: processing operations related to prescribing and dispensing of medicines;
complaint handling: registering personal data of patients and/or their confidants in order to mediate the complaints made;
care quality: collection and processing of all data relating to medical and paramedical diagnostic and therapeutic practices administered to patients with the aim of improving the quality of care;
scientific registration: the registration of (medical) personal data of an epidemiological, scientific and/or management nature with a view to objectives on research, education or objectives imposed by the federal or regional authorities;
To whom will your personal data be provided?
Only the healthcare providers at Oogartsencentrum ZW- Vlaanderen who are involved in your treatment have access to your health data – and only for those data that are strictly necessary per healthcare provider category. All our healthcare providers are bound by professional confidentiality.
The following categories of recipients are entitled to obtain personal data from patients:
insurance institutions to the extent imposed by or under the law or with the patient’s consent;
National Institute for Sickness and Disability Insurance to the extent imposed by or under the law or with the patient’s consent;
patients concerned or their representatives within the limits of what is stipulated within the Law of 22 August 2002 on Patients’ Rights;
government agencies authorised to do so by a government decision;
external treatment providers of the patient in the context of patient care
referred to in article 6 of these Privacy Regulations;
other agencies, to the extent imposed by or under the law or with the patient’s consent;
the professional liability insurer of the Oogartsencentrum ZW- Vlaanderen or of the professional appointed by the Eye Doctors’ Centre ZW- Flanders, without the patient’s consent, to the extent that such communication is necessary for the defence of a right in court or for the establishment, exercise or substantiation of a legal claim;
Security procedures
All necessary arrangements shall be made to promote the accuracy and completeness of the data recorded. Appropriate technical and organisational measures shall also be taken to secure the patient files against loss or corruption of the data and against unauthorised access, modification or extraction, including pseudonymisation and procedures for testing, assessing and evaluating the effectiveness of security measures.
How long will your data be kept?
Subject to any legal requirements, a retention period of at least one year, counting from the patient’s last treatment, applies to the personal data allowing identification:
- 30 years for medical records;
- 7 years for billing records from patient files that serve as accounting
accountability document and for duplicate certificates for assistance provided, individual invoice and collective invoice;
If the retention period has expired, the personal data concerned will be removed from the files and destroyed, within a period of one year.
Entry into force and amendments
These Privacy Regulations enter into force on 25 May 2018. The Oogartsencentrum ZW-Vlaanderen reserves the right to amend its Privacy Regulations at any time. Amendments will be made by the ophthalmology centre and insofar as they are data concerning health.
