After an intensive audit on the NEN7510-1:2017 and ISO27001:2017, we can report that Meander Medical Centre has achieved its certification. Meander is the first hospital in the Netherlands which is certified under accreditation on both standards where the primary process is included.
Information security is present in every process and every employee at Meander. DigiTrust's auditors experienced the auditing process as very special. Special, because during the various audit days we were able to talk to so many people where the passion of their care task was combined with awareness of information security. In addition, it was also special to be able to do this during this corona period. We did remote audits, either at the location with remote speaking to people (so there was no risk of contamination) or in the extreme case in person using all protection means. The various sites were also visited and assessed. Meander is leading the way in achieving this certification, a great compliment to everyone and valuable for all stakeholders. Unfortunately, due to the COVID-19 situation, we could not organise a celebratory certification ceremony. But we will make up for that at a later stage, if possible and appropriate.
Quote from Meander's press release:
Information security
Information security is a complex but necessary obligation for healthcare organisations, where a lot of medical and patient data is processed, stored and exchanged. Inadequate information security is not only a threat to patient privacy, but also a threat to the availability, integrity and confidentiality of information systems. The Inspectorate also applies these standards when the quality of care is at stake due to insecure handling of personal health information. Information security requirements are becoming increasingly stringent, partly due to new European legislation such as privacy legislation but also on the basis of the Electronic Data Processing by Healthcare Providers Decree .
Reason certification
Although certification has not yet been made mandatory, legislation does require healthcare institutions like Meander to demonstrably comply with NEN7510. It is also the way to demonstrate that a functioning information security management system (ISMS) is in place and that information security measures are in place.
Therefore, the Board decided to go for certification this year. Board member Astrid Posthouwer: "Working with other people's data brings responsibilities. As a hospital, we find it important that patient data is in safe hands with us. Especially now that healthcare is increasingly digitised and there is more data exchange in the region. We are proud to have achieved both certificates."
The client council is also pleased with the certificates obtained. Willy Heuveling, president of the client council: "Patients can be confident that their data is stored safely and correctly and not visible to unauthorised persons or retrievable by unauthorised persons."
