Data sharing

With whom will your data be shared? Your health data will be shared within the hospital as part of your care. UZ Leuven may also share your data outside the hospital to the extent necessary for the stated purposes.

Within UZ Leuven

In the context of your care, your health data are recorded in the electronic patient record. UZ Leuven staff is granted access to your record insofar as they need these data to perform their function (e.g. the treating healthcare provider (whether or not in training), an administrative employee commissioned by the treating healthcare provider, etc.). Through a combination of technical and organisational measures, we ensure that they only have access to the personal data they absolutely need to perform their tasks.

A 'static' access control allows a role (doctor, nurse, secretary, or other) to be linked to a user. A 'dynamic' access control additionally allows fine-grained determination of whether a user in a certain role is involved in the treatment of a specific patient and therefore needs access to that record.

More information on the operation of your electronic patient record and exercising your rights regarding the data included in the patient record.

In addition, other employees may also have access to your data, for example from a support service, but only insofar as this is absolutely necessary for the purposes listed here.
All UZ Leuven employees who need access to patients' personal data for the performance of their duties undertake to comply with the provisions of these privacy regulations, of the GDPR, as well as all other data protection principles when processing and consulting patient records. They are always bound by a duty of professional secrecy or an equivalent statutory or contractual duty of confidentiality and must respect the duty of discretion established by UZ Leuven.

Outside UZ Leuven

Under no circumstances will UZ Leuven disclose or sell your personal data for marketing purposes.
UZ Leuven may share your data in the context of care with the following recipients to the extent necessary for the purposes listed here:

  • Yourself or your representatives: within the limits of the Patient Rights Act;
  • External treating healthcare providers: in the context of your care - more information about who uses your patient file and more information about your consent in the context of e-Health;
  • Your national health insurer and the NIHDI (National Institute for Health and Disability Insurance);
  • Insurance institutions such as your hospitalisation insurer and the hospital's professional liability insurer;
  • External processors called upon by UZ Leuven to process your personal data and who work on behalf of and under the supervision of UZ Leuven;
  • Government bodies authorised to do so by a government decision;
  • Other bodies, to the extent required by law or with your consent.

More on data sharing in the context of healthcare.

Full privacy regulations

PDF
Patient privacy regulations
PDF - 302.08 Kb

Questions and complaints

Ombudsman service
  • Ombudsman service
    Contact the ombudsman service with 

    - questions and concerns about the protection of your data

    - requests to exercise your rights

    - complaints

  • DPO
    You may also contact the Data Protection Officer at UZ Leuven

  • Juridische dienst for the attention of the Data Protection Officer (DPO)
    Herestraat 49
    3000 Leuven

  • DPA
    You can also directly contact the Belgian Data Protection Authority.

Last edit: 20 September 2024