Privacy and security


Health is strictly personal, and so is healthcare data. Selfcare users therefore have full ownership of their personal health data at all times. Nothing will be done with their data without their explicit permission.

Only after explicit permission from the user will a doctor, physiotherapist, employer, dietician or medical specialist be granted access to the data. Communication with peers in the community and data exchange (if permitted) take place in a secure environment. Selfcare guarantees privacy whether you use a computer, tablet or smartphone.

Dutch standard for information security

Selfcare provides the best possible data protection. Selfcare meets the Dutch standard for information security in the healthcare sector (NEN 7510), which relates to the formulation, registration and monitoring of information security. This standard entails: ‘Ensuring the availability, integrity and confidentiality of all information needed to provide patients with responsible care.’

Two-factor authentication and HTTPS

Two-factor authentication is a process whereby users need two separate components in order to identify themselves. When users open the Selfcare dashboard from a new device, they are asked to provide a second piece of information (in addition to their username and password) to prove their identity. This is an additional step taken by Selfcare to prevent abuse and provide personal safety.

HTTPS is a protocol that is used for the secure handling of requests between a client (browser) and server (web server). Data are encrypted while they travel between the browser and the server, making it virtually impossible for someone without proper authorization to read the data in transit.

The Selfcare servers are hosted at a national level by independent foundations to ensure privacy.

Independent supervision

The Selfcare data are subject to independent supervision by leading authorities in the field of privacy and patient protection. All personal user data are stored on a server located in the country of registration. Ownership of this server lies with a legal entity that is separate from the commercial organization Selfcare. This means that the data are never accessible to third parties and can never be sold to third parties. This ensures that only the end user determines what happens to his or her data.

Health data are strictly personal. Only if the user gives explicit consent can third parties be granted access to the data.