Access to Registers in The Netherlands
In the Netherlands, there are no specifically defined access procedures regarding health registries. However, there are some resources that give a good impression and overview of the general procedures, such as the ‘Guide to data governance procedure COVID-19 studies’. This document provides an overview of the processes that must be set up and the steps that need to be taken for the controlled and efficient availability of data, images and body materials (i.e. data governance and data access procedures). Although this Guide is designed to accelerate research on COVID-19, its aspects also apply to research that is not COVID-19 related. You can access the Guide here.
More background information on access procedures to health registries can be found here:
Other examples of data access policy templates are:
- Dutch CardioVascular Alliance: Data Access Policy of CAPACITY COVID-19 Registry
- NIVEL: voorwaarden voor gegevensaanvragen
Overview of access rules to Registers in The Netherlands
As was the case for biobanks, there are also no specific rules and regulations on health registries in the Netherlands. They are rather regulated by a number of rules and legislations of a more general kind. Additionally, Patient organization VSOP offers an elaborate overview of links and downloads with (legal) information on health registries in the Netherlands, which can be accessed on the following location.
Following, a short overview of the rules and legislations applicable to health registers, from general to more specific.
Health registries have to comply with the EU General Data Protection Regulation (GDPR), as they collect personal data, including sensitive data, such as genetic and health data. The GDPR can be accessed here.
The Dutch adaption to the GDPR is the Uitvoeringswet Algemene Verordening Gegevensbescherming (UAVG), which can be accessed by the following link (text in Dutch). The national supervising authority on the proper implementation of data protection is entrusted to The Dutch Data Protection Authority (DPA), which is entrusted with the supervision on processing of personal data in order to ensure compliance with the GDPR and the UAVG. English background information on their supervisory role can be found on their website.
The Medical Treatment Contract Law (WGBO) is also applicable in the light of health registries, as it states that participants in medical research must be adequately informed on the research conducted and that permission is needed for access to their data. Furthermore, the WGBO regulates research with anonymous human material for further use. The WGBO is an integral part of the Dutch Civil Code and can be accessed heretext in Dutch).
The Law on Supplementary Provisions for the Processing of Personal Data in Healthcare Act (This includes the Law on Client Rights for Electronic Data Processing). This law regulates patients’ rights on access and exchange of their health data within healthcare. Additionally, this law gives patients the right to control their own digital health data within healthcare. The legal text can be access here (text in Dutch)
Law on the use of citizen service number (BSN) in healthcare.
The legal text can be access here (text in Dutch). For several years there has been an ongoing discussion in the Netherlands on the use of the BSN number as unique identifier for research related purposes. So far, this discussion has not been resolved and has recently shifted focus towards potentially creating a separate unique identifier for research, unrelated to the BSN.
Decision on electronic data processing by healthcare providers.
This law is applicable if the data collection for a health registry is considered very intrusive for the patient. In that case, an ‘informed consent’ is required from the patient; patients must receive proper and complete information on the data that is collected and they must give their explicit permission to the collection and sharing of data. The legal text can be access here (text in Dutch)
Law on the Central Bureau of Statistics.
This law guarantees the independent position of the Central Bureau of Statistics in relation to the government and other government institutions. Furthermore, it contains administrative and regulatory provisions on the access and sharing of data. The legal text can be access here (text in Dutch)
Next to biobanking, the Human Tissue and Medical Research Code of Conduct for responsible use is also of importance for health registries. An English version of the Code of Conduct can be accessed here. (A new and updated version of the Human Tissue and Medical Research Code of Conduct is being drafted at this moment. Please make sure you consult the latest version)
Lastly, the Code of Conduct for the Use of Data in Health Research is also important in the light of health registries. The new Dutch version and English translation became available in 2004, you can find in on the following location. An explanatory report in English can be downloaded here.
Other relevant aspects on the access rules & national legislation to health registries. Privacy by design: is a method to carefully deal with personal data and to consider each time the minimum amount of data is that is needed to answer the question at hand and to use only the personal data that is strictly necessary.
Consent of patients in the Netherlands
There are different methods to properly regulate patients’ consent
Opt-in method
The patient is asked for (written) permission to enter his/her data into a register. A variation to this, is to ask the patient for specific ways in which his/her data might be used in research. Another variation is ‘dynamic consent’, where the patient continuously determines what is allowed with his/her data.
Opt-out method
In this case, the person can indicate (object) if they want their data removed from the register. This is the most-used method in the Netherlands.
Further information on (methods of) consent and objection for both biobanking and health registries for further use can be found here.
If you have specific questions regarding the use and/or sharing of data in relation to biobanks and/or health registries, you can contact the Dutch ELSI ServiceDesk at: elsiservicedesk@health-ri.nl