Patients and healthcare institutions can therefore count on us to handle this in a very safe and careful manner, both as an organisation and in our application: ConsultAssistent. We would like to explain our principles in the field of information protection and privacy.

Principles of data processing

Personal data, including data concerning health, may only be processed if there is a legal basis for doing so. It goes without saying that we only process data if there is a legal basis for doing so.

When using ConsultAssistant for treatment, we process the data on behalf of the healthcare institution. The execution of the treatment agreement is the basis for this. The healthcare institution may also use the data in ConsultAssistent for quality management and in some cases research. The bases in this case are legal obligation and legitimate interest.

All other cases are based on the explicit consent of the patient. We only use pseudonymised data from patients who have given their express consent for research to be carried out.

Reliable processing of patient data

The data that patients enter into ConsultAssistant are stored on highly secure European servers. Our systems and processes comply with a high standard in order to protect data and the privacy of patients and healthcare institutions as best as possible.

For example, Outcome Measurement (the supplier of ConsultAssistent) is NEN7510:2017 and ISO 27001:2022 certified. These are the standards for information security that guarantee the security of medical data and the availability, integrity and confidentiality of (patient) data. This is not only about the application ConsultAssistent, but also about how we work as an organization.

Now and in the future, we will continue to work to keep ConsultAssistant as safe as possible.

Medical secrecy also applies when using ConsultAssistant

When using ConsultAssistent, patients choose which information they do or do not share with the doctor or care provider. Just as in the consulting room, medical confidentiality also applies to the information that patients share with the doctor via ConsultAssistent. These data are only accessible to the treating doctor and the care providers of the healthcare institution that uses ConsultAssistent. We always register which healthcare provider accesses which data.

Use of pseudonymised data for research

We only use pseudonymised data for research purposes if the patient has expressly consented to this. Pseudonymised data is data from which all directly identifiable personal data has been removed.

All the research we do is aimed at improving diagnosis, therapy and care logistics. We do not conduct research for other purposes.

And patient data is never shared with third parties without consent.

The data remains with the care organisation

We collect and process data that patients enter into ConsultAssistant. The healthcare institution is responsible for managing patient data and is therefore the only party that has access to this data.

Of course, patient data can also be removed from ConsultAssistant. The patient can indicate this to the person responsible for the data: their own healthcare institution.

CE marking

ConsultAssistent is a medical device. ConsultAssistent was notified March 2020 as a risk class 1 medical device under so-called Medical Device Directive (MDD). The MDD has since been replaced by the MDR regulations (Medical Device Regulations) where ConsultAssistent falls into category 2a. We follow the transitional regime, have a Quality Management System based on the ISO 13485 and an agreement with a Notified Body to perform a conformity assessment, with the aim that this assessment will take place in 2025/2026.

More information

Want to know more about how ConsultAssistant protects data? Read the full

• Privacy statement accompanying the ConsultAssistent application
• Terms of use with the ConsultAssistent application
• Privacy Statement of Outcome Measurement

Or contact us if you have questions about security and privacy.