Transparency builds trust
Contents

• Introducing ZorgTTP
• It’s all about trust!
• Our services
• About Tres® (encryption/decryption)
• Extensive network
• Some of ZorgTTP’s clients

Introducing ZorgTTP

All organisations that process privacy-sensitive information are subject to the Dutch Personal Data Protection Act, the Wet Bescherming Persoonsgegevens (WBP). The independent Dutch Data Protection Authority (DPA) strictly monitors the compliance with the regulations. And so they should, as our privacy should be handled with care.

It is by no means easy to ensure that your sensitive data is fully protected according to the existing laws and regulations. Fortunately, you are not alone. Wouldn’t it be nice to have a reliable third party by your side, to advise and support you? Please meet ZorgTTP.

ZorgTTP is a so-called ‘Trusted Third Party’; an experienced and straightforward partner offering support with the exchange and sharing of privacy sensitive data. We have the knowledge, experience and competence to process personal data in such a way that it is completely anonymous and ready to be used within all legal boundaries.

ZorgTTP services

ZorgTTP offers a complete range of services in the field of privacy protection of personal data. Our integral services allow us to do and achieve more. ZorgTTP is proud to offer high quality services.

‘Being an academic, I am used to looking at things from different perspectives and finding shortcomings in just about everything. However, I can’t seem to find any in the ZorgTTP services.’
Jaap van Lakerveld, PhD, Executive Director Plato BV, Leiden University

It’s all about trust!

With delicate matters like the careful processing of sensitive personal information, you have to be able to fully trust our services and integrity. Your trust is the foundation of our success.
Therefore, together we will make sure that your wishes comply with the starting points and guaranteed services of ZorgTTP. ZorgTTP operates from the following starting points:

• Before closing any agreement, ZorgTTP and the customer carefully investigate if the client’s demands concur with ZorgTTP’s basic principles and objectives;
• Data collection, processing and opening up remain strictly separated at all times;
• In all respects, in any situation, during the entire process, ZorgTTP assumes an open and transparent professional attitude;
• All processes, the software as well as the procedures are regularly audited, by independent audits.

Thus, we guarantee high quality, secure services.

Clients

ZorgTTP aims to secure privacy sensitive information streams in health care as well as in other fields. When it is essential to be able to monitor individuals over periods of time or link several sources of information, pseudonymization provides great value. ZorgTTP has increasingly been working with companies and partners in the fields of justice, welfare and education.

‘ZorgTTP is without a doubt the most used ‘pseudonymisator’ of the important actors in the care sector. It considerably simplifies the exchange of data files.’
Eric Hans Eddes, MD, Managing Director DICA and surgeon, Deventer Hospital

Our services

ZorgTTP has developed a number of services to meet the particular needs and demands of their potential clients. They are:

• Quick scan: preliminary inquiry dealing with identifying personal data and information security;
• Advising on security, unique client coding and privacy protection;
• Key development, anonymization;
• Pseudonymization;
• Authentication/encryption: Tres® (Trusted Reversible Encryption Service);
• Secured data archives.

‘ZorgTTP is an expert in pseudonymizing care data and enjoys an impeccable reputation.’
Barry Egberts, senior manager Kenniscentrum Zorg and Gezondheid,

About pseudonymization

With pseudonymization all data that can lead to identification of individuals is replaced by unique pseudonyms that cannot be traced back to these individuals. These irreversible pseudonyms allow stakeholders to exchange information without jeopardizing any person’s privacy in any aspect.

The conversion of sensitive personal data to an irreversible pseudonym has two stages. The party owning the personal data that needs to be shared (the source) uses the pseudonymization software to convert the data to a so-called ‘pre-pseudonym’, following Dutch DPA requirements. Then, ZorgTTP converts the pre-pseudonym to a final pseudonym. The final pseudonym with the data attached to it, is disclosed to the receiving party.

Only ZorgTTP knows how the final pseudonym is created. Neither the source nor the recipient can retrace the original personal information. This way, data can be exchanged without violating privacy. Furthermore, if necessary, researchers are able to file transparent and controlled requests for additional information with the source without jeopardizing the security of sensitive personal data.

About Tres® (encryption/decryption)

Tres® (Trusted Reversible Encryption Service) is developed by Advanced Data Management (ADM) of the LUMC (University Medical Centre of Leiden) and ZorgTTP. Tres® is based on reversible encryption to shield personal data for non-authorized use. Tres® is developed for registrations which have legal grounds to register personal information. Examples of typical data are our social security number (BSN) or an individual’s name combined with other identifying data.

The user uses his/her own information system to log on to Tres®. While saving the information the designated variables are simultaneously encrypted through Tres®.
In the end, it is only the encrypted data that is saved in the user’s information system. Only authorized users are able to decrypt the values. By trusting ZorgTTP with your encryption and decryption you can be sure that no other party than the authorized users have access to the converted data. Pseudonymization and Tres® can be used to complement each other.

‘ZorgTTP is always ready and prepared to keep searching for acceptable solutions for all parties. This constructive attitude is exactly what we will be needing in the future.’
Mrs ir. Hannelore Hofhuis, PhD, Secretary of the board, Achmea PALGA Foundation

Extensive network

We have built an extensive network of companies, organizations and clients with whom we work closely. In recent years we have been working with the independent Dutch Data Protection Authority (CBP), the Ministry of Health, Welfare and Sport, the Dutch umbrella organization for health insurers (Zorgverzekeraars Nederland), Medical Specialists in mental care, the Dutch National Tax Services, various research bureaus, and many more.

Thousands of data sources all over the Netherlands

To date, ZorgTTP has contributed largely to the realization of a large number of projects in the field of data exchange. The data sources that are providing personal data through an operational pseudonymization chain contain from twelve to thousands of records per chain.

Finally

For the future, ZorgTTP has but one goal, which is to provide the best services possible in the field of personal data protection. We intend to reach this goal by staying true to our key values: transparency, innovation and effectiveness, and by always putting the client first. By doing so, ZorgTTP has been able to become a Trusted Third Party with high quality and client-oriented services. Together with our clients and partners, we look forward to continuing and expanding this position.

‘ZorgTTP works aptly and effectively. Communication lines are short and they are readily available at any given time. Their power lies in the fact that they know their responsibilities and maintain clear and open communications.’
Eise Douma, manager DBC Informatie Systeem (DIS), DBC Onderhoud

Some of ZorgTTP’s clients

• AGIS / ACHMEA, Amersfoort;
• CAK, The Hague;
• Centraal Bureau voor de Statistiek (CBS), The Hague;
• Centrum Indicatiestelling Zorg (CIZ), Driebergen;
• College voor zorgverzekeringen (Cvz), Diemen;
• DBC Onderhoud, Utrecht;
• Dutch Hospital Data (DHD), Utrecht;
• Dutch Institute for Clinical Auditing (DICA), Leiden;
• Expertisecentrum Forensische Psychiatrie (EFP), Utrecht;
• Gemeente Leiden en Plato BV Universiteit Leiden;
• GG&GD, Amsterdam;
• Hans Mak Instituut (HMi), Naarden;
• Informatie Voorziening Zorg (IVZ), Houten;
• Leids Universitair Medisch Centrum (authentication in developmental stage, Tres®);
• Menzis, Enschede;
• Ministerie van Volksgezondheid, Welzijn en Sport (VWS), The Hague;
• Ministerie van Defensie, The Hague;
• Nederlands Instituut voor Onderzoek Eerste Lijn (NIVEL), Utrecht;
• Nederlandse Vereniging van Heelkunde (NVvH), Utrecht;
• Pathologisch Landelijk Geautomatiseerd Archief (PALGA), Utrecht;
• Perinatale Registratie Nederland (PRN), Utrecht;
• Regio Twente van de Provincie Overijssel;
• Stichting Benchmark GGZ (SBG), Bilthoven;
• Vektis, Zeist.

The utmost care has been taken with this publication. However, nothing from this publication may be duplicated and/or published without the written consent of ZorgTTP. Summer 2012

Visiting address: Randhoeve 225, 3995 GA Houten, The Netherlands
Postal address: Postbus 529, 3990 GH Houten, The Netherlands
Telephone: +31-30-636 0649, [email protected]
Servicedesk: +31-30-637 8708, [email protected]
www.zorgttp.nl

Pseudonymization allows exchange of sensitive information without violating privacy.
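
The two-stage conversion described under ‘About pseudonymization’, shown as an added example that is not ZorgTTP’s software or algorithm. The brochure does not say how pseudonyms are computed, so the use of HMAC-SHA-256, both keys, the field names and the sample records are assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed demo keys (assumptions); real keys are random and kept secret.
SOURCE_KEY = b"demo-key-held-by-the-sources"   # used in stage 1 only
TTP_KEY = b"demo-key-known-only-to-the-ttp"    # used in stage 2 only

def normalise(bsn: str, birth_date: str) -> bytes:
    """Canonical identifier bytes, so every source derives the same value."""
    digits = "".join(ch for ch in bsn if ch.isdigit()).zfill(9)
    return f"{digits}|{birth_date.strip()}".encode()

def source_export(records, key=SOURCE_KEY):
    """Stage 1 (source): swap the identifying fields for a pre-pseudonym."""
    return [{"pre": hmac.new(key, normalise(r["bsn"], r["birth_date"]),
                             hashlib.sha256).hexdigest(),
             "data": r["data"]} for r in records]

def ttp_convert(exported, key=TTP_KEY):
    """Stage 2 (TTP): sees pre-pseudonyms only, emits final pseudonyms."""
    return [{"pseudonym": hmac.new(key, bytes.fromhex(e["pre"]),
                                   hashlib.sha256).hexdigest(),
             "data": e["data"]} for e in exported]

def link(*datasets):
    """Recipient: join rows from several sources on the final pseudonym."""
    linked = {}
    for rows in datasets:
        for row in rows:
            linked.setdefault(row["pseudonym"], []).append(row["data"])
    return linked

# Constructed sample records; the BSN-like numbers are made up.
HOSPITAL = [
    {"bsn": "123456782", "birth_date": "1970-01-31", "data": "admission 2011"},
    {"bsn": "987654321", "birth_date": "1985-06-02", "data": "admission 2012"},
]
INSURER = [
    {"bsn": "123.456.782", "birth_date": "1970-01-31 ", "data": "claim 2011"},
]

def run_demo():
    """Two sources export separately; the recipient links on pseudonyms."""
    return link(ttp_convert(source_export(HOSPITAL)),
                ttp_convert(source_export(INSURER)))

if __name__ == "__main__":
    for pseudonym, rows in run_demo().items():
        print(pseudonym[:16], rows)
```

The recipient can link the hospital and insurer rows for the same person, but holds neither key and never sees an identifier or a pre-pseudonym; the sources cannot compute the final pseudonym because the second key stays with the TTP.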