Within UZ Leuven
In the context of your care, your health data are recorded in the electronic patient record. UZ Leuven staff is granted access to your record insofar as they need these data to perform their function (e.g. the treating healthcare provider (whether or not in training), an administrative employee commissioned by the treating healthcare provider, etc.). Through a combination of technical and organisational measures, we ensure that they only have access to the personal data they absolutely need to perform their tasks.
A 'static' access control allows a role (doctor, nurse, secretary, or other) to be linked to a user. A 'dynamic' access control additionally allows fine-grained determination of whether a user in a certain role is involved in the treatment of a specific patient and therefore needs access to that record.
In addition, other employees may also have access to your data, for example from a support service, but only insofar as this is absolutely necessary for the purposes listed here.
All UZ Leuven employees who need access to patients' personal data for the performance of their duties undertake to comply with the provisions of these privacy regulations, of the GDPR, as well as all other data protection principles when processing and consulting patient records. They are always bound by a duty of professional secrecy or an equivalent statutory or contractual duty of confidentiality and must respect the duty of discretion established by UZ Leuven.
Outside UZ Leuven
Under no circumstances will UZ Leuven disclose or sell your personal data for marketing purposes.
UZ Leuven may share your data in the context of care with the following recipients to the extent necessary for the purposes listed here:
- Yourself or your representatives: within the limits of the Patient Rights Act;
- External treating healthcare providers: in the context of your care - more information about who uses your patient file and more information about your consent in the context of e-Health;
- Your national health insurer and the NIHDI (National Institute for Health and Disability Insurance);
- Insurance institutions such as your hospitalisation insurer and the hospital's professional liability insurer;
- External processors called upon by UZ Leuven to process your personal data and who work on behalf of and under the supervision of UZ Leuven;
- Government bodies authorised to do so by a government decision;
- Other bodies, to the extent required by law or with your consent.
Full privacy regulations
Questions and complaints
-
Ombudsman service
Contact the ombudsman service with- questions and concerns about the protection of your data
- requests to exercise your rights
- complaints
-
DPO
You may also contact the Data Protection Officer at UZ Leuven -
Juridische dienst for the attention of the Data Protection Officer (DPO)
Herestraat 49
3000 Leuven -
DPA
You can also directly contact the Belgian Data Protection Authority.