Logo of the Dutch government

Keeping and sharing medical records

This information is provided by

Netherlands Enterprise Agency, RVO

Medical practitioners in the Netherlands are required to maintain records for each patient. Find out more.

Medical practitioners in the Netherlands are required to keep records for each patient. These records contain various details, including the patient’s health and the treatment prescribed by the medical practitioner.

What information is included in medical records?

The information medical records should contain depends on the type of treatment and the practitioner’s profession. You include at least the basic data of the care you provide:

  • findings of your examination
  • diagnosis
  • treatment
  • test results
  • medical scans
  • reports and referrals

Citizen service number (BSN)

You are obliged to include the patient’s citizen service number (burgerservicenummer, BSN) in your records and to use this number when exchanging information. Your patients must identify themselves using a valid ID.

Keeping and maintaining medical records

You only file the necessary data in the records and you must maintain the records. You record the permissions your patient has consented to with regard to sharing the information in his or her medical record. You must also log when and by whom records were modified or viewed. You must keep medical records for 20 years.

Patient access to records

A patient has the right to view their medical records. This must be possible for free and via internet. The privacy regulation GDPR underlines this right. Your patient also has the right to receive a free electronic copy of the medical record. Make sure your IT systems are able to digitally exchange medical records with patients via internet in a secure way. The only details the patient may not access are the practitioner’s own notes and any details that may affect the privacy of a third party.

Sharing medical records

If you have your patient's permission to share their medical information with other healthcare providers, you can register their information for electronic consultation by these care providers. You register your patient's permission in their medical records.

Requirements for unity in language and technology for electronic data exchange in healthcare are being elaborated (in Dutch).

If you need to share medical records with healthcare providers abroad, you must also always make sure all parties comply with the European privacy regulation GDPR and that the method used to transfer the information is secure. To ensure that citizens can securely access and exchange their health data wherever they are in the EU a Recommendation on a European electronic health record exchange format has been drafted. You can find more information on the transfer of data to another country (in Dutch) with the Dutch Data Protection Authority.

Explaining patients' rights

You must explain to your patient what exactly electronic data exchange means. You must explain how your exchange system works, which healthcare providers you share the data with and why and you must explain what the consequences are. You are also responsible for telling your patients what their rights are, for instance to have their data modified or deleted.

UZI card and AGB code

If you as care provider want to access confidential patient information online, you need an UZI card. You can obtain the UZI card from the Dutch Unique Healthcare Provider Identification Register (UZI-register, in Dutch), for which you will need an AGB code (Algemeen Gegevensbeheer Zorgverleners, the General Database for Care Providers). You can apply for an AGB code at (in Dutch). You use the AGB code in the electronic invoicing process between you and your health insurance company. Read more on the UZI register's Certification Practice Statement.

This article is related to:

This information is provided by

Netherlands Enterprise Agency, RVO
FAQPartnersContactAbout usDisclaimerPrivacy and cookiesAccessibilityOndernemersplein (Dutch) is an initiative of:Netherlands Chamber of Commerce, KVKNetherlands Enterprise Agency, RVOImmigration and Naturalisation Service, INDTax and Customs Administration, BelastingdienstGovernment.nlStatistics Netherlands, CBSNetherlands Vehicle Authority, RDWDigital Trust CenterEuropean Commission Point of Single is the Dutch Point of Single Contact for entrepreneurs.Accessibility level: W3C WAI-AA WCAG 2.1