Today, there are strict requirements around information security and privacy. In the healthcare sector in particular, the bar is set high when it comes to properly managing medical data. Through NEN 7510 certification, you demonstrate in an impartial and objective manner that you have properly secured all personal health information.
This is the added value of NEN 7510 certification
NEN 7510 is the Dutch norm and standard in the field of information security in healthcare. This standard is basically set up the same as ISO 27001 certification, but supplemented with 39 specific healthcare-related measures. When you, as a hospital, are certified according to NEN 7510, you demonstrate that you have a functioning information security management system (ISMS). Simply put, you show that you have a well-functioning system to protect the Availability, Integrity and Confidentiality of personal health information.
For a hospital, certification shows that all health and personal health information is handled properly. In addition, under the Healthcare Providers Electronic Data Processing Decree, healthcare providers are required to comply with criteria from NEN 7510 and NEN 7512. Certification from DigiTrust allows you to demonstrate this compliance.
Proper handling of sensitive data
Of course, as a healthcare provider, you know that you must handle medical records and patients' personal information properly. But can you demonstrate this in an impartial way? Complying with NEN 7510 is a strategic choice, and all requirements should become part of the daily processes: in ICT and physical security, but certainly also in the work of all employees. Requirements from the standard must be translated into in-house requirements and practices, in policies, procedures, forms and working agreements. The requirements from the standard must also be implemented properly at the technical level. Together with you, the DigiTrust auditor will check whether the organisation has implemented all of this demonstrably and effectively.
DigiTrust has auditors who come from the healthcare sector. We know how healthcare works and understand the lines of communication and departments.
What does the NEN7510 standard say?
The NEN 7510 standard is a set of guidelines and principles aimed at defining, establishing and enforcing the measures that managers of personal health information (such as hospitals) should take to maximise information security. The standard is issued by the NEN (Royal Netherlands Standardisation Institute Foundation).
What is the certification process like?
As a hospital or healthcare provider, it is your responsibility to comply with the NEN 7510 standard. You should implement all guidelines and measures in your organisation, with or without the help of a consultancy firm. When you think your organisation meets the standard, you can have your organisation tested against the NEN 7510 standard. The certification process consists of these steps:
- Initial certification
The purpose of the initial certification is that we test your organisation against the requirements of NEN 7510. We want to see whether the system is in place and functioning. In this assessment, we check all activities within your organisation. The initial certification consists of 2 phases: the phase 1 audit and the phase 2 audit.
a. Phase 1 audit
In this phase, we assess your management system (ISMS) in outline. The main point of this phase is to determine whether you are ready for the phase 2 audit. During phase 1, we also draw up an audit plan, which describes which people within the organisation are responsible for what, and who we will talk to, and when, during phase 2.
b. Phase 2 audit
During the phase 2 audit, we assess in detail the ISMS and all implemented control measures. The previously prepared audit plan then forms the guide and schedule for this phase.
- Certificate
If the outcome is positive, your organisation will have demonstrated that it meets all the requirements of the NEN 7510 standard. The auditor then nominates you for certification. If the certification manager's assessment is also positive, you will receive the NEN 7510 certificate.
- 1st and 2nd surveillance audit
A NEN 7510 certificate is usually valid for 3 years. During this period, DigiTrust conducts an annual surveillance audit, in which we check a sample of elements from the standard.
- Recertification
About 3 months before the end of the certification term, DigiTrust will visit you for a reassessment. This audit is similar to the phase 2 audit, and if the result is positive, your certificate is renewed for another 3 years.
Want to know more about NEN 7510 certification?
Are you considering a NEN 7510 certificate or do you still have questions about NEN 7510? Our specialists will be happy to tell you more about the standard and the certification process. Call us on 088-224 56 00, send us an e-mail to sales@digitrust.nl or use our online contact form. We will be happy to visit you for a no-obligation introduction.