We consider the protection of your personal information, together with the care we provide, to be our highest priority. Therefore, we do everything possible to protect your data and take the necessary security measures. In doing so, we observe:
the privacy legislation (AVG)
the law on patient rights
the guidelines specific to the health sector
the ITM data protection policy
With this privacy statement, we would like to inform you about how we handle your data as a patient and about your rights as a patient.
What data do we process from you and for what purpose?
The staff and doctors of the ITM outpatient clinic collect and process information about you of a personal nature on the basis of the treatment relationship between you and the outpatient clinic and/or the care providers. This is done primarily to be able to offer you optimal care, to be able to maintain a complete and correct patient dossier and possibly also for invoicing and accounting purposes. These data are kept as secure and confidential as possible. They are only shared with our medical care staff and some data are also shared with the administrative staff.
For this purpose, we process the following data from you:
Identification and contact details (and possibly of a legal representative);
National identification number;
Financial data and data about your insurability (e.g. your mutual insurance company);
Personal characteristics (data such as age, gender, marital status, spoken language, etc.);
Information about your health (diagnosis, prognosis, medical history, treatment, etc.);
Psychological data (if relevant to the provision of care);
Data of a sexual nature or preference (if relevant to the provision of care);
Data relating to the care (if relevant to the provision of care);
Data on your family and relatives (only if relevant to the provision of care);
Data on education and training (if relevant to the provision of care);
Sound or image recordings (if this is necessary for the provision of care).
Is your data shared with others?
This is certainly possible, but only where necessary and permitted. Here we give an overview of possible data transfers:
Sharing in the context of care
The patient dossier may be consulted by staff members of the outpatient clinic when such consultation is necessary in order to provide the necessary care (e.g. the treating care provider (whether or not in training), an administrative staff member on behalf of the care provider, ...). Also referring doctors or laboratories will receive a copy of e.g. results of performed diagnostic tests to the extent this is necessary for follow-up treatment. Furthermore, ITM has concluded a collaboration agreement with the Antwerp University Hospital for the admission of patients.
Data about you must also be shared with the RIZIV and the mutual health organisations. Furthermore, vaccination data may be shared via VaccinNet.
At the request of the police and judicial authorities, personal data of patients may be shared. To the extent permitted by law, you will be informed of this.
Collaborative Care Platform (Collaboratief Zorgplatform or “COZO”)
ITM, like many other healthcare institutions, has joined the Collaborative Care Platform (CoZo), a digital collaboration platform that allows patients, healthcare providers and healthcare institutions to exchange medical data and information quickly and securely. As a result, from 1 January 2019 our laboratory results will be shared with other healthcare providers in a secure manner. This is only possible if you have given your prior consent, and only healthcare providers with whom you have a therapeutic relationship, such as your general practitioner, will have access to this medical data. In addition, the ITM doctor can also get access to existing and future medical information of his or her patients at other institutions. This makes multidisciplinary, transmural and integrated care possible.
Your health data that can be consulted by ITM via COZO because of an existing therapeutic relationship will not be used for other purposes, such as scientific research.
Epidemics and surveillance
ITM is legally obliged (by the Flemish Prevention Decree) to report certain infections to the Agency for Care and Health (e.g. syphilis, gonorrhea, tuberculosis, zika, monkey pox, etc.). This can also be done by name to make contact tracing possible. More information.
Pseudonymised data (with deletion of your identifying data) can be passed on to Sciensano within the framework of surveillance activities (e.g. gonorrhoea, chlamydia, HIV).
It is also possible that your (anonymised or pseudonymised) data from your medical file will be used in future scientific research, in order to gain new knowledge about a disease and/or treatment. For this purpose, personal characteristics, medical data, data concerning sexual nature, data related to health care can be processed, for example. The legal basis for this processing is the public interest, processing for the purpose of scientific research or the consent of the patient. Data used for scientific research is never directly identifiable (your name is never processed or mentioned, but deleted or replaced by a code), is strictly minimised and researchers are bound by strict rules to ensure data confidentiality and security.
Data collected in the framework of scientific research can be shared with researchers and their team connected to the ITM, clinical trial sponsors or external researchers. Such studies and transfers must always receive prior approval from an Ethics Committee, the Social Security and Health Chamber of the Information Security Committee or the Data Access Committee of ITM. The Data Protection Officer supervises the correct processing and possible transfer of the data.
Within the framework of inspections or audits, (pseudonymised) data may be inspected by the Ethics Committee, by a representative of the study sponsor, by internal or external auditors or by public authorities such as the Data Protection Authority.
For more information on this and on the use of body material, see Use of medical data and left-over body samples for scientific research.
You may also be contacted by a healthcare provider or the ITM Clinical Trial Centre to participate in a future study. Such participation is always completely voluntary and refusal to participate never has any impact on the care you receive from us.
For prospective scientific research in which additional data are collected that are specifically expected of you (e.g. a commercial clinical study, completion of a questionnaire or a blood collection specifically for scientific research), you will always be asked for your express and voluntary permission to participate in the research.
Invoicing and payments
If you have outstanding invoices, under the legal basis of ITM's legitimate interest, limited identification data, services provided and financial data such as outstanding invoice details may be passed on for follow-up to a collection agency contracted by ITM.
IT solution providers
Your data may be shared with suppliers of IT solutions (e.g. for online appointment diaries, cloud service and hosting suppliers, laboratory information systems, etc.). The degree of transfer or possible access by such suppliers (personal data processors) depends on the services provided but is always limited as much as possible. Such processors are subject to very strict rules regarding access, transfers, security measures and permissible purposes for the processing by means of a data processing agreement. The more sensitive the data involved, the stricter the measures will be. All suppliers are also bound by the European data protection legislation (GDPR).
In order to be able to support our patients properly, consultations can (also) be carried out by means of, for example, video calling. Since the outbreak of the covid-19 pandemic, telemedicine has become indispensable. If you want to know more about the protection of your data in the context of telemedicine, see the telemedicine privacy statement.
How long will your data be stored?
The retention period for the medical dossier is legally set at 30 years (after the last consultation).
Where your personal data is processed and stored for other purposes (e.g. epidemiological purposes or public health), this is in principle never for longer than necessary for the specific purpose, in accordance with legally defined time limits or your data is completely anonymised (e.g. where a doctor wishes to discuss a specific case or clinical picture with another doctor).
What are your rights?
You always have the right to ask which data of yours we are processing and to obtain a copy. You can also appoint a legal representative to do this on your behalf.
You can also ask us which data about you we pass on and to which organisations.
You also have the right to have data corrected where necessary and, in specific cases, to have data about you deleted. Via our online appointment system, you can also check your identification data yourself and correct them where necessary.
If you feel that the hospital is not or not properly respecting your rights with regard to your personal data, you can always contact the data protection officer who will address ITM to handle the complaint and, if necessary, take the necessary measures. General complaints can also be made via email@example.com.
If you believe that ITM is not handling your personal data correctly, you also have the right to file a complaint with the Belgian Data Protection Authority.