Privacy statement for the mobile application MyHealth

Terms of Use

SCOPE AND ACCEPTANCE

These terms of use apply to any use of the 'Myhealth' app operated by the Belgian National Institute for Health and Disability Insurance (NIHDI). Prior to using this app in any way, the user is kindly requested to read these terms of use and the privacy statement carefully.

IAM basic service and consent

Upon initial use of the app, the user will be presented with a standard consent message from eHealth's IAM basic service. This notification informs the user that the app will request information from various health data sources on their behalf. The user must confirm this consent to use the app. Access to the data and functionalities is not possible without this explicit consent.

The user may withdraw consent at any time at:
https://idp.iamfas.belgium.be/fas/XUI/?spEntityID=https://www.ehealth.fgov.be/idp&service=fas&goto=https://idp.iamfas.belgium.be:443/am/saml2/continue/metaAlias/fas2/idp?secondVisitUrl=/am/SSOPOST/metaAlias/fas2/idp?ReqID=_f3f9d73b71428c2feadd30d2f3fc0d52&AMAuthCookie=

Terms of Use and Consent

Upon initial registration, the user must expressly agree to the terms of use in the app before it can be used. If the terms of use are changed, the user will be notified of the changed version within the app. The user cannot use this app if they do not agree with the contents of the terms of use after reading them. The user can only agree or disagree with the entirety of these terms of use.

Accepting the terms of use grants the user a non-exclusive, personal and non-transferable right to use the app on a single, locally used system within the limits of the terms of use and generally applicable law.

The terms of use are always available to be read via the mobile app settings.

The app is protected by an intellectual property right.

Taking into account existing technical limitations, the novelty of the technologies used and (potential) external influencing factors, the operator cannot guarantee that the app will always be accessible and without interruption or errors.

For further information or comments, the user can contact the contact center via the contact form on https://www.myhealth.belgium.be/

DEFINITIONS

App: the 'Myhealth' mobile application, including the user interface, underlying APIs and integrated web components.

User: a natural person who is known through CSAM-FAS (e.g. itsme®) authentication under their National Register Number, SSIN number or ISI number and has access to the app as a patient, mandator or mandatary.

Web components: functional modules made available within the app via web technology.

Principal - Proxy Holder - Power of Attorney: A person, known as the principal, uses a power of attorney to grant another person, known as the proxy holder, the authority to act in their place and on their behalf, which in this context concerns the management of medical information. The power of attorney deals only with this aspect of the legal relationship between the principal and proxy holder. The principal cannot grant a new, similar power of attorney before the current power of attorney is terminated. In granting the power of attorney, the principal does not lose the ability to manage their own medication prescriptions. There are two types of proxies within this context:

  • Healthcare proxy: grants the proxy holder general access to the principal's medical information, including medication prescriptions.
  • Prescription proxy: grants the proxy holder specific access to consult and manage the principal's medication prescriptions.

ACCESS AND AUTHENTICATION

To safeguard the security of your personal medical information, we have implemented additional security measures in our mobile 'Myhealth' app. Access to the app is only possible via strong authentication with CSAM-FAS (such as itsme®). In addition, the use of a personal identification code (PIN) and/or biometric identification (fingerprint or facial recognition) is required for expedited access on the device (Data storage).

We advise users to choose a complex, unique PIN code and keep it confidential. It is important to secure your device with a password and/or biometric authentication to prevent unauthorised access. Only authorised users with the required access rights may use the app. Please report suspicious activity or unauthorised access immediately via CSAM's standard procedures.

By using the app, you agree to the mandatory use of a PIN code and/or biometric identification as an additional layer of security for access to your personal medical information. You understand that you are solely responsible for keeping your personal identification code (PIN) secure and confidential.

If the user has access to the internet, the app can be accessed online via digital keys (see 'Using digital keys'). If the user does not have access to a mobile network and can only work offline, the app provides the option to temporarily (1-5 weeks) encrypt and store medical information locally. This offline stored data is only accessible via PIN code or biometrics and is automatically deleted after the set number of days.

If the user chooses not to store information offline, no data will be retained in local storage.

Access to the app and its services may be interrupted in whole or in part at any time (for example, due to maintenance). When possible, the user will be notified of this in advance.

The user is responsible for the operation and security of the device used (smartphone/tablet) and the associated software and data storage. The app providers are not responsible for the device and will not provide support in this regard.

USING DIGITAL KEYS

The user's access to certain electronically offered services requires the use of digital (mobile) keys (such as eID card reader, itsme®, or a security code based on TOTP (Time-based One-time Password) (1)) offered within the framework of services recognised in accordance with the Royal Decree of 22 October 2017 establishing the conditions, procedure and consequences of the recognition of electronic identification services for government apps.

These digital keys and the associated data are strictly personal and non-transferable.

Each user is responsible for the proper safekeeping, security, confidentiality and management of their digital keys and the associated data.

The user is responsible for choosing a secure password or other confidential code.

If a user has knowledge of the loss of any digital key, or any unauthorised use thereof by third parties, or suspects such loss or unauthorised use, they must immediately take all necessary measures to deactivate the digital key.

In the case of a locked digital key, the user must request a new one.

Digital keys are used in the context of CSAM (see https://www.csam.be/en/index.html ) and their creation and use are also governed by CSAM's user agreement.

(1) Time-based One-time Password (TOTP) is a computer algorithm that generates a one-time password (OTP) that uses the current time as a source of uniqueness.

Functionalities

The app gives users access to personal health data and services, including:

  • Integrated web components:
    • Electronic medication prescriptions (via Recip-e)
    • Medication schedule (via regional vaults)
    • Delivered medications (via Farmaflux)
    • Medical record notes (via regional vaults)
    • Population screening (via Myhealth)
    • My vaccinations (via regional vaults)
    • My Consent (via Myhealth)
    • My Caregivers (via Myhealth)
    • My Exclusions (via Myhealth)
    • My reports and results
  • Available link to https://www.myhealth.belgium.be web portal for additional personal health data services.

Encrypted data storage

If desired, the user can temporarily (1-5 weeks) store certain medical data on the mobile device via local, encrypted storage. This stored data is only accessible via a PIN code or biometrics and is automatically deleted after the set number of days.

USAGE POLICY

As a user, you agree to use the app only in a manner consistent with applicable Belgian law or with the legal or other regulations specifically applicable to you.
The user agrees:

  • to use the app solely for personal health purposes;
  • not to attempt to access information for which they do not have access rights;
  • not to use automated systems (robots, crawlers, etc.);
  • not to compromise the security, stability or integrity of the app or its associated infrastructure.

INTELLECTUAL PROPERTY

Any reproduction, public sharing or reuse of the app or any part thereof, including but not limited to the text, images, codes, interface elements, information, graphics, video files and sound files contained therein, by any means whatsoever, is prohibited without the express, written and prior permission of NIHDI.

All elements of the app, including text, images, icons, logos, trade names, brand names, graphics and software components, are protected by copyright, database and/or trademark law.
The logo and name of the National Institute for Health and Disability Insurance (NIHDI) are protected trademarks and may not be reproduced, used or distributed in any way without the express written permission of NIHDI.

Unauthorised use of these elements - especially in the context of phishing, deception or impersonation - may result in legal action.

Logos of external partners (such as itsme®) displayed within the app are also protected by the respective trademark and copyright holders.

AVAILABILITY AND LIABILITY

The 'Myhealth' app is offered free of charge by the Belgian government and the National Institute for Health and Disability Insurance (NIHDI), in collaboration with FPS Public Health. NIHDI makes every effort to provide complete, correct, accurate and updated information.

NIHDI strives to provide a secure, stable service but does not guarantee uninterrupted availability of the app.

In no case or under no circumstances can NIHDI be held liable, directly or indirectly, generally or specifically, for direct or indirect damage due to the use of the app, in particular as a result of links or hyperlinks, including, but not limited to, the provision of incorrect information, all losses, work interruptions, damage to programs or other data on the computer system, equipment, software or other property of the user. Despite best efforts, internet services can never be completely free of potential security risks. Therefore, NIHDI is not liable for breaches of user data confidentiality (including any data stored offline on the user's device (smartphone/tablet), which are secured by encryption and can only be accessed by PIN code, fingerprint or facial recognition), for example if the app or its servers are attacked by third parties. The app's content may be updated, modified or supplemented at any time without notice or notification. NIHDI provides no guarantees for the proper functioning of the app and can in no way be held liable for a malfunction or temporary (un)availability or for any form of damage, direct or indirect, resulting from the access to or use of the app. The app may contain hyperlinks to or indirectly refer to third-party or partner websites or pages. The posting of links to these websites or pages in no way implies an implicit approval of their content. NIHDI expressly declares that it has no control over the content or other features of these websites and cannot under any circumstances be held liable for their content or features or for any other form of damage resulting from their use. NIHDI also refers to the terms of use of the respective websites.

MONITORING AND SECURITY

The app and its integrated web components are supported by anonymous essential technical monitoring to ensure operation, performance and error detection.

In case of technical errors, the user can voluntarily send an error message. This requires a separate consent in which the user agrees to the sending of technical data, an anonymous processing log and the error number to NIHDI's technical team.

CHANGES

These terms of use are subject to change at any time. The most recent version is displayed in the app stores and within the app itself. Users will be asked to accept the updated terms when changes are made.

APPLICABLE LAW AND COMPETENT COURT

Belgian law applies. Disputes are preferably resolved through dialogue and mediation. If no solution is found, the courts of Brussels have sole jurisdiction.

CONTACT

For questions about these terms or the operation of the application, the user can contact the contact center via the contact form on https://www.myhealth.belgium.be/

For questions concerning privacy: dpo@riziv-inami.fgov.be.

Privacy Policy

INTRODUCTION AND DATA CONTROLLER

The National Institute for Health and Disability Insurance (NIHDI), Avenue Galilée 5/01, 1210 Saint-Josse-ten-Node, is the data controller for the processing of personal data in the 'Myhealth' mobile app. This statement clarifies what data is collected, why and on what legal grounds, and what rights you have as a user.

Our policy regarding the protection of individuals when processing personal data is based on the General Data Protection Regulation (EU) 2016/679 of the European Parliament and Council of 27 April 2016, also known by its acronym GDPR.

PERSONAL DATA PROCESSED

When using the app, the following categories of personal data may be processed:

  • Identification data (Social Security Identification Number (SSIN)/National Register Number).
  • Authentication data (via CSAM/itsme®).
  • Your device's technical data (type, OS version, error messages)
  • Medical data stored offline (locally encrypted on your device)
  • Contact information (if you store it in the app for use in the contact form and other functionalities specific to the app and integrated web components)

NIHDI does not store any medical data centrally. Medical information is retrieved solely based on the functionalities you request via secure health data sources (such as Recip-e, regional vaults, etc.) and displayed using integrated web components.

PURPOSES AND LEGAL BASES

Your personal data is processed for the following purposes:

  • Secure access to your health data via the app (legitimate interest and performance of a public interest task)
    • Identification data (Social Security Identification Number (SSIN)/National Register Number).
    • Authentication data (via CSAM/itsme®).
  • Improve service based on analytical data (only after explicit consent)
    • Number of downloads and users per platform
    • Most frequently used functionalities
    • General performance data (load times, bottlenecks)
  • Technical logs for analysing technical errors and the technical repair of systems.
  • Analysis of technical errors due to the user's specific use (only after explicit consent)
    • Your device's technical data (type, OS version, error messages)
  • Anonymised recording of user interactions to diagnose any technical errors (session replay). Processing your question via the contact form (only after explicit consent)
    • Contact information (if you store it in the app for use in the contact form and other specific functionalities)
  • Downloading onto your device the personal data necessary for the functionality requested by you (only after explicit consent)
    • Identification data (Social Security Identification Number (SSIN)/National Register Number).
    • Medical data (locally encrypted on your device)
    • Contact information for specific functionalities

SECURITY MEASURES

The app uses:

  • Strong authentication via CSAM/FAS (such as itsme®)
  • Local encryption for data stored offline (only if this functionality is enabled by the user)
  • Mandatory access via PIN code or biometrics to data stored offline
  • Technical monitoring and logging with minimal data impact (only after explicit consent)

ACCESS AND TRANSFER TO THIRD PARTIES

Your data will not be shared with third parties for commercial purposes. Only authorised public institutions can be granted access as part of their legal mandate.

Federal services, such as eHealth, are involved for authentication and data retrieval without becoming data controllers.

YOUR RIGHTS UNDER THE GDPR

In compliance with the General Data Protection Regulation (GDPR), you have the following rights:

  • Right to access and rectification
  • Right to data erasure (to the extent applicable)
  • Right to object
  • Right to restriction of processing

As part of exercising your rights under the General Data Protection Regulation (GDPR), you have:

  • the right to lodge a complaint with the supervisory authority:

Data Protection Authority (DPA)
Rue de la Presse 35, 1000 Brussels
https://www.dataprotectionauthority.be/citizen

  • the right to contact the DPO of the NIHDI (see below).

DATA STORAGE

If the user so chooses, medical data can be temporarily stored locally and encrypted on the user's device (smartphone/tablet) so that the user can also access the information via PIN code, fingerprint or facial recognition during an offline session (a session not authenticated via CSAM/FAS). The user can choose whether this data is stored and for how long (1-5 weeks). The data is automatically deleted after the deadline lapses.

This functionality can be enabled when installing the app. The user can manage (modify, activate, deactivate) this functionality using the app's settings. 

INTERNATIONAL TRANSMISSION

Personal data processed in the context of troubleshooting or monitoring will not be transmitted to third countries outside the European Economic Area (EEA).

If in the future certain technical services are hosted in third countries, this will only be done provided that appropriate safeguards are in place in accordance with Article 46 of the GDPR (such as the European Commission's standard contractual clauses).

CHANGES TO THIS POLICY

This privacy statement may be updated. The most recent version can always be viewed using the app's settings. In the case of substantive changes, the user will be invited to provide consent again.

CONTACT DETAILS

Data Controller: National Institute for Health and Disability Insurance (NIHDI)
Avenue Galilée 5/01, 1210 Saint-Josse-ten-Node
Data Protection Officer (DPO): dpo@riziv-inami.fgov.be