Privacy statement MedGemak
What is MedGemak?
MedGemak (hereinafter: MG) is an app that allows you as a patient to communicate with your GP and/or pharmacist securely and remotely. MG also allows you to view part of your file, make appointments and order medication. You can only use MG if your GP and/or pharmacist offer you MijnGezondheid.net (hereinafter: MGn) and MG. Your GP and pharmacist determine which functionalities are available to you. As your data is extremely sensitive in nature and therefore requires the highest security, you can only log into MG with a five-digit PIN after linking your mobile device to your MijnGezondheid.net account.
Both MG and MijnGezondheid.net and the information systems of your GP and pharmacist are offered by PharmaPartners. This means that the actions you perform within MG are directly visible within the healthcare provider's information system. This integration and communication between your MijnGezondheid.net account and the information systems of your GP and pharmacist meet the strictest information security requirements. PharmaPartners sees securing your data as its most important task and is therefore ISO 27001, 9001 and NEN 7510 certified. In addition, PharmaPartners undergoes an annual DigiD audit for MijnGezondheid.net.
Notification settings
In some cases, you will receive a notification in the form of a push message as soon as new information is available to you in MG. There are different types of notifications. From the majority of notifications, unless you turn this off in your device settings, you will always receive a push notification by default because they contribute to the delivery of good care and your patient safety. For some types of notifications, you have the option to receive them or not.
Notifications you will always receive a push message from:
- When your healthcare provider sends you a message.
- When your healthcare provider answers your question or message.
- When your healthcare provider has shared a new test result.
- When a medication order has been sent or processed by your healthcare provider.
- When your medication order is automatically repeated by your pharmacy.
- When a medication order is completed and ready.
- When an appointment has been changed.
- When your healthcare provider has shared a questionnaire.
Notifications you will only receive a push notification of if you have explicitly turned it on:
- When your healthcare provider has shared documents.
- When an appointment has been made.
- When an appointment is about to take place.
Who is responsible for processing your personal data in MedGemak?
In MG, it is possible to access your medical data as available from your healthcare providers (GP and/or pharmacist), when they have offered MG to you. Each healthcare provider is an independent data controller (within the meaning of the General Data Protection Regulation) for the personal data it makes available in MG. Therefore, if you wish to exercise your privacy rights or otherwise have questions about your personal data in MGn, please contact the relevant healthcare provider.
MG also allows you to make appointments, communicate with healthcare providers and/or order medication. These actions are covered by the medical confidentiality of the healthcare provider(s) you select. The healthcare provider with whom you wish to communicate, schedule an appointment or place an order is therefore the data controller.
If several pharmacists and/or GPs offer you MG, they can each separately disclose the file information available to them to you via MG. You are the only person who has such an overall view of your medical data. All communication between you and a healthcare provider selected by you via MG is subject to the medical confidentiality of that healthcare provider and as such is strictly confidential.
Who is the processor on behalf of the controller?
PharmaPartners is the ICT provider that built and maintains MG. PharmaPartners is a Dutch company that has been operating within the Healthcare and ICT market for over 40 years. Besides MG, PharmaPartners also offers the information systems Medicom and Pharmacom for your GP and pharmacist. In these systems, your healthcare provider manages your medical records, among other things.
PharmaPartners is a processor for the systems Medicom, Pharmacom, MijnGezondheid.net and MedGemak, which are purchased by your healthcare provider as data controller. MG is therefore offered to you by your healthcare provider as a data controller.
What personal data is processed by my healthcare provider in MedGemak?
This depends on the functionalities your healthcare provider makes available to you in MGn and MG. By default (to create an account and validate who you are), the following data are processed:
- Your healthcare provider
Depending on the functionalities and healthcare providers available, the following data will be processed:
- Messages between you and your GP and/or pharmacist
- Messages from your GP and/or pharmacist
- Your medication record as available from your pharmacy and if requested by you:
- Current medication status: the medications you are currently taking and have taken in the past Monday
- Episodes
- Appointment details
The above data are part of your medical record and your treatment by your healthcare provider. This is subject to the legal requirements of the Medical Treatment Agreement Act. For example, your healthcare provider is legally obliged to keep your file for 20 years.
Virtually all communications and requests you send to your healthcare provider through MG are recorded in your healthcare provider's information system (your record). If, before deleting your MG account, you wish to exercise your privacy rights, such as the right to information, inspection, rectification, deletion, restriction, addition, objection or portability, please contact your healthcare provider. He/she will process your request and, if necessary, request PharmaPartners to take the necessary technical actions (such as deleting your data in MG). If you wish to delete or terminate your account, please contact your healthcare provider. In this case, your data will be deleted within 3 months.
What personal data is processed by PharmaPartners in MedGemak and for what purposes?
PharmaPartners as ICT partner of your GP and/or pharmacist provides user support via its service desk. Your GP and/or pharmacist can reach us by phone if they have a question about MG or if they need technical support. In some cases, file access by our service desk staff is necessary. They only do so if your healthcare provider instructs us to do so or because we identify that the confidentiality, integrity and/or availability of your personal data could otherwise be seriously compromised. All PharmaPartners staff are very aware of the sensitivity of this data and are also bound by very strict contractual confidentiality.
So my medical data in MedGemak will not be shared with other parties or for purposes other than what is discussed in this statement?
Indeed, MG is the app that allows you to communicate confidentially with your healthcare provider. Communication via MG is therefore covered by your healthcare provider's medical confidentiality and as such may not be revealed to others. Only PharmaPartners as ICT supplier can access your data if this is necessary to support your healthcare provider or you. Your healthcare provider has made clear agreements with PharmaPartners on the protection of your privacy.
Will any other data about me be processed?
Apart from the personal data processed for the above purposes, MedGemak only collects anonymous technical data about the use of the app, performance indicators, error reports, and non-reducible information about the device on which the app is used. This data is processed solely for the purpose of improving the app and fixing errors. The data processed in this way are anonymous and cannot be traced back to you. No data traceable to individual users is shared with third parties.
Do you have any further questions for us?
PharmaPartners has appointed a data protection officer to oversee your privacy internally, whom you can contact for questions about MGn. You can reach our data protection officer by sending an email to [email protected].