Introduction

At Silderhuis Speech Therapy, the privacy of our patients is important to us. These privacy regulations explain how we handle your personal data, including medical data.

For questions about these regulations, please contact your practitioner. You can also send an e-mail to info@silderhuislogopedie.nl or call 0184 – 613 782 and ask for Ilona Silderhuis, practitioner.

Article 1: Definitions.

In these privacy regulations, the following terms are defined as follows:

• Data: Personal information that relates to an individual.
• Practice: Silderhuis Speech Therapy, responsible for processing personal data.
• Patient: An individual (or their parent/guardian) who receives care from the practice as a patient.
• Processing: Any operation or collection of operations involving personal data, performed with or without automated processes. This includes activities such as collecting, recording, organizing, structuring, storing, updating, modifying, retrieving, consulting, using, and sharing data by, for example, transmission or other forms of making available. It also includes combining, blocking, erasing, or destroying data, as defined in Article 4, paragraph 2 of the General Data Protection Regulation (GDPR).

Article 2: Applicability

These regulations apply to all processing of personal data by the practice in the context of patient care.

Article 3: Purposes of data processing

The practice processes personal data for the following purposes:

• Registration and intake: Collection of pertinent data upon registration, prior to signing the treatment agreement.
• Speech therapy: Providing speech therapy care and maintaining information in a treatment and care record.
• Billing: Billing the patient or the patient’s health insurance company for speech therapy care provided.
• Quality Monitoring: Collect and process data to monitor and improve the quality of care.
• Scientific research: Use of data for research purposes only with your consent or as permitted by law.
• Relationship Management: Maintain relationships with patients and relevant parties.

Article 4: The data processing

1. Care provision and record keeping: In order to provide quality care, data about your treatment will be recorded in a personal file. Your treating speech therapist is legally obliged to keep a file. The treatment agreement serves as the legal basis for processing this data. Only your treating speech therapist and the care providers directly involved in your care request have access to this data, and only to the extent necessary for the provision of care. In addition, the data is used for claiming the care provided.
2. Quality control: As a healthcare provider, the practice is required by law to systematically monitor the quality of the care provided. Personal data may be used for quality purposes, but in doing so we never process more data than is strictly necessary. Where possible, data are pseudonymized or anonymized so that they cannot be directly traced to individuals.
3. Scientific research: If your data is used for scientific research, we ask for your prior consent, unless this is not possible and the law allows use without consent. In both cases, we only process the strictly necessary data. Here, too, we ensure that the data is pseudonymized or anonymized as much as possible to ensure privacy.
4. Material audit by health insurers: Health insurers with whom the practice has an agreement may require access to records as part of material audits to verify that the care declared was provided legitimately. The practice is required by law to cooperate in this.
5. Data sharing with third parties: Your data will be shared with third parties only in the situations mentioned above or when you have given us written consent through the treatment agreement.

Article 5: Description of data

The practice may process the following personal data, classified into relevant categories:

• Identification and contact information
  • Name: Patient’s full name.
  • Address, zip code, city: Contact information for communication and identification.
  • Phone Number: For direct communication with the patient and/or the patient’s legal representatives.
  • E-mail address: For correspondence with the patient and/or the patient’s legal representatives.
  • Date of birth: For identification and administrative purposes.
  • BSN number: For legal identification and administrative purposes.
  • ID number: Identification number of a legal identity document, if relevant.
• Medical and healthcare related data
  • Medical records: Information on health status and treatment.
  • General practitioner: Name and contact information of general practitioner.
  • Name of primary care physician/other health care providers: Contact information of other health care providers involved.
  • Health insurer and health insurance number: Health insurance information for administrative and claims purposes.
• Family and legal representation
  • Details of parent(s)/legal representative(s): Contact information and other relevant details of parents or legal representatives, if applicable.
  • Marital Status: Information on personal status, if relevant to treatment.
• Image and additional information
  • Photo and film material: Image material for treatment and education of third parties, only with permission.
• Education and professional data
  • Job: Occupation or position, if relevant to treatment.
  • Education: Educational level, if relevant to speech therapy.
  • School/teachers name: Information about school or teachers, if relevant to treatment.
  • Relevant educational data: Educational information that may contribute to treatment.
• Specific data for targeted care
  • Ethnicity: Bilingualism data, if relevant to treatment.
  • Sexual orientation: Information related to transgender treatment, if applicable.
• Digital access and security
  • Login information: For secure access to digital services and records.

Article 6: Rights of the patient

1. Right to information about data processing: As a patient, you have the right to know that your personal data are being processed. We will inform you about this in a general sense through these privacy regulations. Your treating speech therapist will additionally inform you in specific situations, for example when a letter is sent to your general practitioner about the progress or end of your treatment.
2. Right to inspect and copy data: As a patient, you have the right to see your data. You can also request a copy of the file containing your data. We will process your request for inspection or a copy as soon as possible. A copy is preferably handed to you personally, for which we ask you to identify yourself with a valid identity document. Alternatively, the copy may be sent via secure e-mail. These precautions are intended to prevent your data from falling into the hands of unauthorized persons. Handing it over in person also provides an opportunity to answer any questions you may have.
3. Right to correct data: If your data is incorrect or incomplete, as a patient you have the right to request correction. We will correct any inaccuracies or incompleteness in your data as soon as possible.
4. Right to delete data: If you wish to have data destroyed, you may submit a written request to this effect. If it concerns medical data, please state the reasons for destruction, if possible. The attending speech therapist will assess whether the request can be fulfilled within three months of receiving the request. If there are compelling reasons for rejecting the request, for example if the information is of significant importance to someone other than the patient, a choice may be made not to proceed with destruction. Should your request be denied, you will receive a reasoned explanation.
5. Right to have a statement added to the file: You may have a personal statement added to your file. Please provide this statement to your attending speech therapist so that it can be added to the file.
6. Rights of minors and persons under guardianship: In exercising the above rights, specific rules apply to minors and persons under guardianship:

• • Minors under 12: The legal representative, usually the parents, exercises the rights on behalf of the child.
  • Minors aged 12 to 15: Both the minor himself and his legal representative can exercise the rights.
  • Minors 16 years and older: The minor can independently exercise his or her rights.
  • Persons under guardianship: The legal representative exercises rights on behalf of the person under guardianship.

Article 7: Retention period

1. Standard record retention period: The record in which treatment data is recorded is kept for fifteen years after the end of the treatment agreement. In some cases, good caremanship may require data to be kept longer, for example, if it is essential for future care.
2. Retention period for minors: For treatment information of minor patients, the 15-year retention period begins at age 18. This means that records of minor patients are kept until they reach the age of 33.
3. Divergent retention periods: For data not specifically covered by the situations listed above, the data will not be kept longer than necessary for the purpose for which it was collected. This means that the retention period depends on the necessity and specific use of the data.
4. Exceptions to destruction requests: If you, the patient, specifically request in writing the destruction of data, this may be an exception to the standard retention periods. In this case, your request will be complied with unless there are compelling reasons to retain the data, such as legal obligations or when it is critical to third parties.

Article 8: Confidentiality

We treat your personal data with the utmost confidentiality. This means that we do not provide data to third parties except in the situations described below. In addition, we require our staff and outside parties engaged by the practice, such as software vendors, to also adhere to strict confidentiality rules.

Exceptions to the confidentiality obligation are permitted only in the following cases:

• Patient Written Consent: Data may be disclosed to third parties when you have given prior written consent. This applies, for example, when sharing information with other healthcare providers outside the practice.
• Necessity for care delivery: In some cases it is necessary to share data in order to provide proper care. This happens, for example, when a (family) physician or other health care provider is involved in your care request. In such cases, only the information necessary for treatment is shared.
• Serious reasons to break medical confidentiality: In exceptional situations there may be a need to break professional secrecy, for example when there is an emergency due to a conflict of duties. This may also be the case with signals of child abuse and/or domestic violence, where breaking confidentiality may be in the interest of the patient or third parties.
• Legal obligation or court order: The practice may be required to provide data based on a legal provision or a court order that has become final. In such cases, we will comply with the legal obligations.

Article 9: Information Security

We are committed to ensuring the security of your personal data by taking all appropriate technical and organizational measures that are reasonably possible. These measures are designed to protect the confidentiality, integrity and availability of your data and include the following actions:

• Secure and encrypted connections: We use secure and encrypted connections when communicating with and through our third-party vendors. This ensures that data in transit is protected from unauthorized access or loss.
• NEN standards for information security: The practice complies with the guidelines of the NEN standards (NEN 7510, NEN 7512, and NEN 7513), which are specifically designed for the healthcare industry in the Netherlands. These standards ensure a high level of security and data protection, focusing on aspects such as data access, data processing, and data storage.

Article 10: Responsible data protection

1. Appointing a data protection officer: The practice has appointed a data protection officer. This person is responsible for ensuring the protection of personal data within the practice.
2. Duties of the Data Protection Officer: The main task of the Data Protection Officer is to oversee all processes surrounding the processing of personal data within the practice. This includes monitoring compliance with the General Data Protection Regulation (AVG) and advising the practice on privacy-related issues. The controller ensures that data processing takes place in accordance with applicable legislation and internal security procedures.

Article 11: Changes

The practice reserves the right to unilaterally amend these privacy regulations. This may be necessary, for example, in case of changes in legislation or internal policy adjustments. In the event of an amendment to the privacy regulations, we will notify you via our website www.silderhuislogopedie.nl. We advise you to regularly consult the website for the most up-to-date version of our privacy regulations.

Article 12: Complaints

Despite our best efforts to safeguard your privacy, it is possible that you may not be satisfied with the way your personal data is processed. In that case, you can discuss your complaint with your practitioner or our complaints officer.

The complaints officer, Ilona Silderhuis, can be reached:

• by phone at: 0184 – 613 782
• by email at: info@silderhuislogopedie.nl

In addition, you may file a written complaint by addressing it to Ilona Silderhuis, practice manager, at the following address:

Silderhuis Speech Therapy
t.av. Ilona Silderhuis
Peulenstraat 22
3371 AM Hardinxveld-Giessendam

If you do not find a solution or are not satisfied with the handling of your complaint, you are free to file your complaint with the Personal Data Authority.

Version

Version dated 12-11-2024
Prepared by Ilona Silderhuis, practice owner