Privacy statement of EUnetHTA 21 Consortium
Privacy Statement Dutch Health Care Institute
As a Health Care Institute we have various statutory tasks in the field of health insurance system. We need personal data to perform these tasks. This statement states which personal data we process and what your rights are.This privacy statement consists of the following parts:• General Data Protection Regulation• Which personal data does the Health Care Institute process?• What does the Health Care Institute process personal data for?• Exchange of personal data• Retention period of personal data• Your rights• Rights of data subjects in pseudonymised processing• Want to know more?This statement was last updated on September 22, 2020
General Data Protection Regulation
The General Data Protection Regulation (GDPR) is a European regulation that determines which rules the Health Care Institute must adhere to when it concerns personal data processed. We may only process personal data if this is necessary for the performance of our duties. The Health Care Institute is the controller in the sense of the GDPR. The GDPR obliges us to process personal data properly and carefully.
Which personal data does the Health Care Institute process?
This privacy statement concerns personal data that we need to carry out our duties and about contact details that we record.
Personal data that the Health Care Institute needs for its statutory dutiesFor the implementation of risk adjustment, fund management, package management and the quality task we need personal data. It concerns general data, financial economic data and health data.If the Health Care Institute does not need to know who owns the data, this data will be pseudonymized (encrypted). The data can then no longer be traced back to one specific person. The Health Care Institute works together with a Trusted Third Party (TTP) encrypt data before we receive it. The Health Care Institute encrypts the files itself again before his employees are allowed to use the data.
The Health Care Institute does not use automated decision-making (profiling) based on pseudonymised personal data. Profiling is the analysis of large data files and draw consequences from this about persons who appear in these files. We provide no personal data to international organizations or countries outside the European Union.
Contact detailsThink of data such as name, address and e-mail address. The Health Care Institute can do this process and store personal data:• if you send us a letter or make a request via e-mail, the website or by telephone or a question. With this information we can contact you to answer your questions to answer or to inform you about the status of your request.• if you have a subscription to our Health Care Institute Magazine or if you have one from us want to receive a brochure or a newsletter. We do not use your contact details for you send other information and we do not make your data available to others parties.• to consult you as a stakeholder in the preparation of our advice and decide. The Health Care Institute’s advice, reports, etc. are drawn up with the input from professionals and experts from the full breadth of healthcare.• to provide you with access to one of our web portals.• if you participate in a survey conducted by or on behalf of the Health Care Institute or if you sign up want to register as a participant in a conference or event organized by the Health Care Institute is being organised.The Health Care Institute uses social media such as Twitter, WhatsApp and LinkedIn. The Health Care Institute has no influence on how these platforms handle your data. We advise you not to share sensitive data via these platforms.
Why does the Health Care Institute process personal data?
Below are the statutory tasks for which the Health Care Institute needs personal data.
Citizens can have a dispute with their health insurer about the reimbursement of care under the Health Insurance Act. The Health Insurance Complaints and Disputes Foundation (SKGZ) handles these disputes. Sometimes SKGZ asks the Health Care Institute for advice. The SKGZ will then forward the medical file to the Health Care Institute. We process the file then to be able to advise the SKGZ.Citizens can also contact the Care Needs Assessment Center (CIZ) or the care office have a dispute about the reimbursement of long-term care. In the objection procedure about that dispute, the CIZ or the care office asks the Health Care Institute for advice.If we decide to advise, the CIZ or the care office (with your permission) us a copy of the medical file. We will send you a copy of our advice to the CIZ or the care office.
We process pseudonymised data for the implementation of risk adjustment personal data. We use this data to budget care as well possible to divide between health insurers and Wlz providers.This concerns files that health insurers and Wlz implementers have available and forward it to the Health Care Institute. These pseudonymized files contain generic personal data and data about the health of all insured persons in the Netherlands. In addition, the Health Care Institute receives pseudonymised data from the Tax and Customs Administration, DUO and the UWV. This concerns personal data about the financial economic status.
Package management, fund management and quality tasks
The Health Care Institute processes the package management, fund management and quality tasks pseudonymised personal data. We use this data to perform analyses concerns about the development of the quality and costs of care.This concerns files that health insurers, Wlz implementers and the Dutch healthcare authority available and forward it to the Health Care Institute. This one pseudonymized files contain general personal data, data about claimed care and costs incurred for this by all insured persons in the Netherlands.
The National Health Care Institute offers certain target groups access to specific (test) functionalities and / or data collections. To be able to provide and manage web portals, processing of contact details is necessary.
Surveys / Events
If you participate in a survey or register for an event or conference process in principle, we only provide the contact details that are necessary for the implementation of the survey or the proper organization of the event. We process your personal data only if you give explicit permission for this. It can occur in specific cases that personal data other than contact details are also processed. Which personal data that are will then be explained per survey or event.
Exchange of personal data
The performance of the statutory task may entail that the Health Care Institute data shares with other organizations. This is done on the basis of a legal basis or Cooperation.We pass on the files we receive for risk adjustment to the Minister of of Health, Welfare and Sport and the Dutch Healthcare Authority, because they also use this information to provide their perform legal duties.Furthermore, we are obliged to use some of the pseudonymised data that we provide for the risk adjustment received by delivering to the Central Bureau of Statistics.
Retention period of personal data
The Health Care Institute does not store personal data longer than is necessary for the dealing with the question or request of the data subject. Furthermore, the Health Care Institute is obliged to adhere to the terms of the Archives Act. That means the Health Care Institute keeps the documents in its archive until the data is stored in accordance with the Archives Act or documents must be destroyed.
You have the right to enter the personal data that the Health Care Institute has registered about you see. You can also request rectification (change) or deletion of your data. Hereby requests we must comply with our legal obligations and the obligations under the GDPR.
You can also object to the processing of personal data by the Healthcare institute. We weigh your interests against the grounds that the Health Care Institute has for your to process personal data.If you want to exercise your rights, you can email your request to the OfficerData protection via email@example.com.
We request that you provide your request with:• Your name.• A description of your request.• A copy of a valid ID. We advise you to use the CopyID app. This allows you to make your passport photo and citizen service number invisible. That data we do not need.
Rights of data subjects in pseudonymised processing
Pseudonymised data is personal data under the GDPR, but the Health Care Institute does not know to whom the data relates. Therefore you cannot request us to view, rectify or leave pseudonymised personal data to clear. It is also not possible to object or submit an individual complaint against pseudonymised processing of personal data, because we use it process pseudonymised data on the basis of a legal basis.
Do you have questions about this privacy statement or about the way we use personal data? We are happy to explain this to you. You can contact the Officer Data protection via firstname.lastname@example.org.
This website was produced under the Third EU Health Programme through a service contract with the European Health and Digital Executive Agency (HaDEA) acting under the mandate from the European Commission. The information and views set out in this website are those of the author(s) and do not necessarily reflect the official opinion of the Commission/Executive Agency. The Commission/Executive Agency do not guarantee the accuracy of the data included in this website. Neither the Commission/Executive Agency nor any person acting on the Commission’s/Executive Agency’s behalf may be held responsible for the use which may be made of the information contained therein.
©2021 EUnetHTA All rights reserved.