Healthcare organizations that handle medical and other sensitive personal data are subject to strict information security requirements. In the Netherlands, the NTA 7516 standard is often used as a practical guideline for the secure exchange of information via email, including the sharing of files containing sensitive content.
However, for many organizations, it is not always clear what this standard actually means in practice. In this blog, you’ll learn what NTA 7516 entails and how this standard relates to secure and verifiable file transfers.
What is NTA 7516?
NTA 7516 is a Dutch Technical Agreement that sets out guidelines for the secure transmission of sensitive information via email within the healthcare sector.
This standard was developed to supplement NEN 7510, the Dutch standard for information security in the healthcare sector. While NEN 7510 sets out general requirements for information security, NTA 7516 provides specific guidelines for secure email communication.
NTA 7516 is not a law and does not impose any independent legal obligation. In practice, the standard is often used within the healthcare sector as a framework for implementing legal security requirements, including those based on the General Data Protection Regulation (GDPR) and the Act on Supplementary Provisions for the Processing of Personal Data in Healthcare (Wabvpz).
The standard does not prescribe any specific technical solution, but describes the technical and organizational measures required to establish secure and auditable email communication.
Who is NTA 7516 relevant for?
NTA 7516 was developed primarily for the healthcare sector and is particularly relevant for organizations that process medical or other sensitive personal data. In practice, this includes:
· Hospitals and healthcare facilities
· Family doctors and other healthcare providers
· Mental health institutions
· Processors and suppliers working on behalf of healthcare institutions
Although the standard was developed specifically for the healthcare sector, NTA 7516 is sometimes used outside the healthcare sector as a framework for secure digital communication and information exchange.
What does NTA 7516 mean for file transfers?
NTA 7516 focuses primarily on secure email communication, but its principles are also relevant to file transfers via email.
The standard emphasizes:
· Protection of the contents during transmission
· Identification and verification of the recipient
· Restricting access to authorized personnel
· Control over the availability of information
· Evidence of security measures taken
The basic principle is that sensitive information should be accessible only to the intended recipient, and that organizations must be able to demonstrate compliance with this process. This involves not only encryption, but the entire process of transmission, access, and organizational safeguards.
Does standard email automatically comply with NTA 7516?
Standard email does not automatically comply with the requirements of NTA 7516. Although many email environments use transport encryption, the standard requires additional measures regarding recipient verification, access control, and auditability.
With the right technical infrastructure and organizational safeguards, an email environment can be properly configured in accordance with the standard. However, this requires explicit configuration, policy agreements, and consistent implementation throughout the organization.
In our article "Why Email Is Unsuitable for Large Files," you can read more about the risks that can arise when file transfers aren’t systematically organized.
The Importance of Verification and Auditing
A key principle of NTA 7516 is that the recipient’s identity must be verified before access is granted to sensitive information.
This reduces the risk of data ending up in the wrong hands, for example due to a typo in an email address.
In addition, control over the availability of information is essential. Files should not remain accessible indefinitely without this being intentionally designed and documented in policy.
This requires a combination of technical measures and organizational processes.
NTA 7516 in Practice
In practice, working in accordance with NTA 7516 means that secure email and file transfer are systematically integrated into the organization.
The implementation of security measures should not depend on individual decisions made by employees, but must be organized in a consistent and verifiable manner.
Many organizations therefore opt for a solution that automatically applies security measures within existing work environments such as Outlook or Microsoft 365. This ensures that employees’ workflows remain familiar, while the transfer better aligns with the standard’s requirements.
In the article "How to Prevent Data Breaches During File Transfers," you can read about how organizations are addressing this issue more broadly.
How organizations comply with NTA 7516
Organizations that want to align their communication practices with the principles of NTA 7516 often opt for a solution that combines encryption with authentication and access control.
With FileCap, you can add an extra layer of security to Outlook or Microsoft 365. Files are protected during transmission, recipients are verified, and you can set how long the information remains available. In addition, data is stored within the EU via a European cloud provider.
This helps organizations with:
· Encrypted and verified file transfer;
· Verification of recipients prior to access;
· Customizable availability duration and access control;
· Logging to support auditability.
This supports organizations in establishing secure email communication in a verifiable manner, in accordance with the principles of NTA 7516.
You can read more about how FileCap works on our product page.
Conclusion
NTA 7516 provides a concrete framework for secure email communication within the healthcare sector and complements NEN 7510.
The standard emphasizes that secure communication requires more than just encryption. Recipient identification, access control, and auditability play a central role.
For organizations that handle medical or other sensitive personal data, it is important to establish a deliberate and systematic approach to email and file transfers. Standard email does not automatically comply with the requirements of the standard without additional technical and organizational measures.
With FileCap, you can add an extra layer of security to your existing work environment, enabling you to better adhere to the principles of secure email communication.
Would you like to know how FileCap can help make email communication within your organization more secure? Request a demo or try FileCap free for 30 days.
Frequently Asked Questions
What is NTA 7516?
NTA 7516 is a Dutch Technical Agreement that sets out guidelines for secure email communication in the healthcare sector. The standard was developed to supplement NEN 7510 and focuses specifically on the secure transmission of sensitive information via email.
Is NTA 7516 mandatory?
NTA 7516 is not a law and does not impose any independent legal obligation. Within the healthcare sector, the standard is often used as a practical framework for implementing legal security requirements, such as those under the GDPR and in conjunction with NEN 7510. The obligation to adequately secure information stems from legislation; NTA 7516 provides a concrete framework for this purpose.
When do you comply with NTA 7516?
Organizations can demonstrate that they are operating in accordance with NTA 7516 if they have consistently implemented the technical and organizational measures described in the standard and can provide evidence of this. This includes, among other things, secure transmission, recipient verification, access control, and logging to support demonstrability.

