What does it mean to be a MedMij-approved Personal Health Environment (PGO)?
To be a MedMij PGO (Personal Health Environment), several key requirements must be met, as outlined in the MedMij Agreement System:
MedMij Information Security Framework Compliance: Participants, including PGO suppliers, must adhere to the MedMij Information Security Framework. This involves possessing a valid NEN 7510 certification and demonstrating compliance with additional normative frameworks. Participants are also required to submit an annual audit declaration and report.
Policy and Operational Processes: The policy involves an overview of key management processes in which participants play a role. This means that PGO providers must engage in operational processes aligned with the standards and practices set by MedMij.
Legal Context: Participants must have an understanding of:
- Relevant laws and regulations, along with specific legal agreements.
- Contractual relationships and agreements involved in the ecosystem.
- Responsibilities related to data processing, including identity verification and seeking consent.
- Compliance with the General Data Protection Regulation (GDPR) and other relevant data protection norms.
Foundations of the Agreement System: This includes understanding the background and objectives of the MedMij Agreement System. Participants must be aware of the criteria that the system must meet (such as prerequisites and goals) and the principles guiding the system. They should also understand the system's structure, including the roles and responsibilities of different participants and how they interact within the data exchange process.
These requirements ensure that PGO providers maintain high standards of data security, legal compliance, and operational integrity, thereby safeguarding personal health data within the MedMij ecosystem.