On this page
Medical practitioners in the Netherlands are required to keep records for each patient. These records contain various details, including the patient’s health and the treatment prescribed by the medical practitioner.
What information is included in medical records?
The information medical records should contain depends on the type of treatment and the practitioner’s profession. You include at least the basic data of the care you provide:
- findings of your examination
- test results
- medical scans
- reports and referrals
Citizen service number (BSN)
You are obliged to include the patient’s citizen service number (burgerservicenummer, BSN) in your records and to use this number when exchanging information. Your patients must identify themselves using a valid ID.
Keeping and maintaining medical records
You only file the necessary data in the records and you must maintain the records. You record the permissions your patient has consented to with regard to sharing the information in his or her medical record. You must also log when and by whom records were modified or viewed. You must keep medical records for 20 years.
Patient access to records
A patient has the right to view their medical records. This must be possible for free and via internet. The privacy regulation GDPR underlines this right. Your patient also has the right to receive a free electronic copy of the medical record. Make sure your IT systems are able to digitally exchange medical records with patients via internet in a secure way. The only details the patient may not access are the practitioner’s own notes and any details that may affect the privacy of a third party.
Sharing medical records
If you have your patient's permission to share their medical information with other healthcare providers, you can register their information for electronic consultation by these care providers. You register your patient's permission in their medical records.
Requirements for unity in language and technology for electronic data exchange in healthcare are being elaborated (in Dutch).
If you need to share medical records with healthcare providers abroad, you must also always make sure all parties comply with the European privacy regulation GDPR and that the method used to transfer the information is secure. To ensure that citizens can securely access and exchange their health data wherever they are in the EU a Recommendation on a European electronic health record exchange format has been drafted. You can find more information on the transfer of data to another country (in Dutch) with the Dutch Data Protection Authority.
Explaining patients' rights
You must explain to your patient what exactly electronic data exchange means. You must explain how your exchange system works, which healthcare providers you share the data with and why and you must explain what the consequences are. You are also responsible for telling your patients what their rights are, for instance to have their data modified or deleted.
UZI card and AGB code
If you as care provider want to access confidential patient information online, you need an UZI card. You can obtain the UZI card from the Dutch Unique Healthcare Provider Identification Register (UZI-register, in Dutch), for which you will need an AGB code (Algemeen Gegevensbeheer Zorgverleners, the General Database for Care Providers). You can apply for an AGB code at AGBcode.nl (in Dutch). You use the AGB code in the electronic invoicing process between you and your health insurance company. Read more on the UZI register's Certification Practice Statement.