
    Legislation & Responsibilities

    Below you will find the most important laws and regulations we take into account and comply with as a service provider. We also explain the responsibilities you have as a user when using FlowMemo.

    1. GDPR (General Data Protection Regulation)

    We take the protection of personal data very seriously. Therefore, we fully comply with the GDPR. This means that:
    • Purpose Limitation: Personal data is processed solely for the purpose of providing services and not for other purposes.
    • Data Minimization: Only the strictly necessary data is collected and processed.
    • Security: Data is secured through technical and organizational measures, such as encryption and access control.
    • Rights of Data Subjects: We respect and facilitate all rights of data subjects, such as the right to access, correct, delete, and transfer data.
    Your Responsibility: As the data controller, you must ensure that your organization has the appropriate legal bases and consents for the processing of (patient) data in our tool, and that your own privacy statement has been adapted to the use of this service.

    2. WGBO (Medical Treatment Agreement Act)

    Within the WGBO, it is important that patients are well-informed about the processing of their data. FlowMemo supports you in reporting and documentation within the care process. Specifically, this means:
    • Informed Consent: You are responsible for correctly informing your patients and obtaining their consent (where required). Our software is already set up for this; without consent, you cannot record.
    • Professional Secrecy: We respect your professional secrecy through strict security measures and access protocols. No one outside your organization or our strictly necessary support role can access this data.
    Your Responsibility: Ensure that your patients are aware of the data processing (verbally or through written consent) and that you handle the confidential nature of the information processed in FlowMemo with care.

    3. NEN 7510 and ISO 27001

    Our servers are ISO 27001 certified. FlowMemo demonstrably complies with NEN 7510 and ISO 27001 regulations. This means:
    • NEN 7510: This standard specifically focuses on information security in healthcare. Our systems meet the requirements for availability, confidentiality, and integrity of medical data.
    • ISO 27001: This is the internationally recognized standard for information security. Our Information Security Management System (ISMS) is continuously monitored and improved.
    Your Responsibility: Adhere to your own security and access protocols, such as the careful management of accounts and passwords and the use of secure networks when using FlowMemo.

    4. AI Act

    The AI Act (the European regulation on artificial intelligence) came into effect on August 1, 2024. As an administrative tool, FlowMemo is not directly involved in decision-making, but we are already preparing for a future in which this may become the case. We comply with this regulation by:
    • Transparency: We provide insight into the functioning of our AI models and the data we process, so users understand how outputs are generated.
    • Human Oversight: We have developed structures for human oversight of the AI system, so intervention is possible when needed. This increases the safety and trust of users in the technology. Therefore, it is extremely important that the healthcare provider checks all output from FlowMemo and does not blindly adopt it.
    • Data Governance: We ensure careful selection and control of training and test data to train our AI models. Our datasets are representative, reliable, and not tampered with.
    Your Responsibility: Stay informed about the obligations arising from the AI Act and ensure adequate implementation in your own processes and protocols.

    Conclusion

    We are committed to complying with all relevant laws and regulations regarding privacy, data protection, and healthcare. FlowMemo is designed to support healthcare professionals and institutions within the legal framework of the GDPR, WGBO, NEN 7510, ISO 27001, and the AI Act. We ask you, as a user, to continue to fulfill your own responsibilities within these legal frameworks. This includes correctly informing patients, ensuring information security within your organization, checking generated data, and correctly applying FlowMemo within the applicable professional and ethical standards.

    Do you have questions about how we handle privacy and security, or would you like more information about our certifications? Feel free to contact us via the contact page. We are happy to assist you.

    FlowMemo © 2025, All rights reserved.