National Switch Point does not offer end-to-end encryption of patient data

Medical information sent via the National Switch Point, LSP, is not end-to-end encrypted. Data is only sent encrypted over the connections. That is what Minister for Medical Care Bruins says in response to PvdD questions.

In his answer to the parliamentary question, the minister refers to the NEN-7512 standard, which prescribes that no end-to-end encryption is required. “There are several ways to achieve strong security. The standard offers that space,” Bruins writes.

According to the letter, a requesting healthcare party now reports from a GBZ via a ‘certified, secure connection, with a strong means of identification (the UZI card)’ to the VZVZ, the manager of the LSP. Bruins does indicate that he will ask the standards researcher NEN whether an adjustment of the standard is desirable, ‘in view of the state of the art’.

The letter from the Minister for Medical Care was a response to questions from Christine Teunissen, Member of Parliament for the Party for the Animals. During a debate, she asked whether the information in question is protected end-to-end. She says she has heard ‘sounds’ that the American administrator of the LSP – CSC – could be involved in the connection of health care providers. In addition, the MP believes that the data exchange between medical institutions should be encrypted from start to finish. “That’s a logical requirement.”

The LSP is a care network for healthcare providers in which no medical information is stored, only a referral index with citizen service numbers. The network was developed after the epd stopped.