Information security in healthcare
Certification from DigiTrust proves that personal health information (patient data) is safe with you.
More than 500 organisations have already gone before you.
Who is information security in healthcare for?
A healthcare information security certification is intended for all types of healthcare providers and their suppliers. Examples include:
- Nursing homes;
- Hospitals;
- Physiotherapists;
- Mental health institutions;
- GPs;
- Software vendors;
- All other service providers who work with or have access to patient data.
Why is information security in healthcare important?
Information security is very important in general, but perhaps even more important in the healthcare sector, where medical and patient data is managed and exchanged. This is increasingly done digitally and, of course, you want to prevent this data from leaking out. Negligence can have major consequences for the safety of patients and their medical records.
Healthcare information security certification
In the field of healthcare information security, DigiTrust offers NEN 7510 certification. The NEN 7510 is a Dutch standard developed by the NEN. It is the standard in the field of information security in healthcare. A NEN 7510 certification shows that you handle this privacy-sensitive data correctly. You show your patients/clients, suppliers, health insurers and other stakeholders that you have taken the right measures.
How can you get certified as a healthcare provider?
Through an agreement between the Ministry of Health, Welfare and Sport and the organisation NEN, the NEN 7510 standard is now available free of charge. However, to receive the certificate, you need to be completely ready for certification. This is where DigiTrust can help you.
Our certification process has a number of logical steps.
During the Pre-audit, we check whether you are ready for certification. What is the status of the management system? Are there any issues that may not be in order? Together with you, DigiTrust can determine which topics should be covered during this pre-audit. We also determine the duration together. Usually this is between 2 and 4 days for a good picture of the management system and all control measures. After each pre-audit, DigiTrust provides you with a clear audit report, detailing where you may not yet be working in accordance with the requirements.
Tip: this is a frequently chosen option. It really gets you started in the process and immediately gives you a good idea of where you stand as an organisation.
Initial certification
DigiTrust assesses whether the system works and functions according to the requirements. This assessment includes reviewing all operations at your office as well as at the implementation site. The initial certification consists of two parts: the phase 1 audit and the phase 2 audit.
Phase 1
During the phase 1 audit, we review your management system (ISMS) in outline and assess whether you are really ready for the phase 2 audit. Together we also draw up the audit plan for phase 2: who do we need, and when?
Phase 2
During the phase 2 audit, we test the ISMS and all control measures.
Issue certificate
In case of a positive assessment, the auditor will nominate the organisation for certification. The certification manager does a quality check on the file. If everything is in order, you will receive the certification.
Control 1
During the term of the certificate, which is usually three years, DigiTrust will conduct an annual surveillance audit. During a surveillance audit, we sample the various elements of the standard. In case of a positive assessment, the current certificate will be continued.
Control 2
DigiTrust will visit about three months before the certificate expires for the reassessment. This assessment has the same scope as the one at step 2. If the result is positive, the certificate is renewed for another three years.
Questions about information security in healthcare?
Our specialists will be happy to tell you more about it. Call us at 088-224 56 00, email us at sales@digitrust.nl or use our online contact form. We will be happy to visit you for a no-obligation introduction.
More than 300 organisations have already gone before you.