Blogs / 

Digital Healthcare at Large Providers: What Are the Key Points of Attention According to the Dutch Health and Youth Care Inspectorate (IGJ)?

IT, Privacy & Cybersecurity

1 September 2025

Written by

Michelle Wijnant

Blog Image

The Health and Youth Care Inspectorate (IGJ) recently published its findings on the state of digital healthcare at eight very large elderly care providers. The conclusion? While many providers have established the necessary preconditions, they do not yet demonstrably comply with information security standards such as NEN 7510. This poses a risk both to clients and to the organization itself.

What is digital healthcare?

Digital healthcare encompasses all modern ICT applications that support or improve care. Examples include electronic client records, e-consultations, AI solutions, and healthcare apps. These applications create opportunities, but also impose requirements on governance, security, and stakeholder involvement.

What did the IGJ examine?

Between October 2023 and May 2024, the Health and Youth Care Inspectorate (IGJ) visited eight large elderly care institutions. Using the Digital Healthcare Assessment Framework, the IGJ assessed, among other things, the status of policy and policymaking processes, internal and external alignment, allocation of responsibilities and authorities, user training, contractual arrangements, and compliance with laws and regulations in the use of digital healthcare.

What went well?

  • Boards of directors took digital healthcare seriously and responsibilities were clearly assigned.
  • Digital solutions were carefully procured, tested, and evaluated.
  • Clients and healthcare professionals were involved in the deployment of technology.
  • Regional cooperation was strong, with clear agreements and networks.
  • Information provision was well-organized: professionals and clients knew what to expect.

What needed improvement?

  • Demonstrable compliance with NEN 7510 was often lacking, and an ISMS was missing.
  • Continuity during ICT disruptions was not always safeguarded, and crisis plans were outdated.
  • Client-related risks were not systematically assessed.
  • Clients were not always involved in the procurement of digital healthcare.

What can you do with this?

The publication provides several useful lessons, including the following five practical tips:

  1. Ensure demonstrable NEN 7510 compliance. Establish an ISMS and have it independently audited.
  2. Prepare for the forthcoming Cybersecurity Act, which requires proactive action.
  3. Conduct cyberattack simulations. Exercises with chain partners reveal vulnerabilities.
  4. Establish an innovation panel. Regularly address technological and ethical issues.
  5. Compare your practices against the Digital Healthcare Assessment Framework to immediately see where you stand.

Need legal support?

As a law firm specialized in technology and healthcare, we assist care providers with:

  • Implementing digital healthcare within legal frameworks
  • Demonstrating compliance with NEN 7510 and other standards
  • Drafting and reviewing contracts with suppliers
  • Governance, privacy, and compliance matters

Please feel free to contact us for a non-binding consultation. Together, we can ensure that your digital healthcare practices are future-proof and legally sound.

Newsletter

Would you like to receive a monthly overview of updates and blog posts directly in your inbox? Subscribe to our newsletter!