The General Data Protection Regulation (GDPR) will be enforced from 25 May 2018. This means that the same privacy legislation will apply throughout the European Union from that date. As a healthcare provider, you are accountable and the statutory Responsible Person for your patients’ data. But how do you keep control of the service providers you do business with, and how can you make sure they handle privacy-sensitive data as conscientiously as you do?
As an IT provider in the healthcare sector, security and transparency are our top priority. One of the ways in which we achieve this is by ensuring we qualify for the appropriate certificates. Being ISO 27001, ISO 27799 and NEN 7510 certified, Enovation is compliant with the latest standards for information security in healthcare. This demonstrates we are fully committed to ensuring the security, availability, integrity and confidentiality of your data.Our processes and procedures have been assessed by accredited certification body DEKRA. You can read more about this process and our collaboration with DEKRA HERE, in an interview with our Information Security Officers Bianca Brooijmans and Dré Lameir.
We recognise that information security is a continuous process and that our application environments need to be continually updated with the latest security measures. For that reason, Enovation subjects its services and environments to periodic testing. All services and the platform are covered by a two-year cycle of (external) penetration tests. Enovation has its pen tests conducted by NorthWave B.V.In addition, Enovation has set up a Security Operations Centre (SOC) that continuously launches infiltration tests from an external location. Enovation also uses continuous, real-time monitoring by SSL Labs, which ensures we receive a warning as soon as our services drop below the A rating.
For 35 years now, Enovation has been the premier player in healthcare communication, and data protection is an essential area of attention in performing our operational activities. Protecting individual rights and complying with privacy legislation are our hallmarks. Our privacy statement covers our treatment of data traceable to natural persons (‘Personal Data’ within the meaning of the privacy legislation) that we gather when you interact with our website or services. Click the button to view the complete privacy statement of Enovation.
Access to your personal data
You are entitled to access your personal data (Article 15 GDPR) and to request correction or removal of personal data (Articles 16 & 17 GDPR). This means that, upon request, Enovation will allow you to review which personal data about you it has on file and for what purposes it processes these data.If you would like to know which personal data about you are being processed by Enovation, you can request access to your personal data by completing and submitting the ‘Application Form for Access to Personal Data’. Enovation will consider the request within 4 weeks.If you are not one of Enovation’s direct clients and we are processing the data on behalf of your care provider (healthcare professional, local authority, etc.), please consult the relevant contact person there to arrange for access, correction or removal to be requested.The completed application form, including a photocopy of a legible and valid identity document*, can be sent to the following postal address, or scanned and emailed to firstname.lastname@example.org (also included in the form).Address: Enovation Attn.: Security Office Rivium 1e straat NL-2909 LE CAPELLE AAN DEN IJSSEL* We need to be able to verify that you are the person to whom the personal data pertain in order to prevent anyone else from gaining access to these data under a false name. An identity can be verified by means of a driving license, passport or other recognized identity document. You can only apply for access if you are 16 years of age or older and are not under legal restraint. For people not meeting these criteria, such an application must be submitted by a legal representative. In that case, our response will also be made to this representative. The copy of your identity document will not be stored or processed for purposes other than the verification linked to the application concerning personal data. We also recommend marking the copy with the date of submission or another distinguishing mark to prevent it being used for other, potentially fraudulent, purposes.