FileCap and the NTA7516

NTA 7516: no one can comply with it anymore

The NTA 7516 standard and its associated certification scheme NCS 7516, has been deactivated on May 15, 2022. This means concretely that no solution or supplier of a "secure mail" solution can comply with this standard and all existing certifications have been declared invalid. In a conversation with a the NEN it has become clear that there is no prospect of a reactivation of this or a similar standard this year and beyond. Read on to learn more about the standard and how we got to this point.

A brief history

On Oct. 10, 2018, the Ministry of Health, Welfare and Sport, in collaboration with the NEN, stakeholders and experts, launched the "Secure emailing" project commissioned by Informatieberaad Zorg(https://www.informatieberaadzorg.nl/programmas-en-projecten/project-veilige-mail). This project aimed to achieve a standard for emailing personal health information, establish interoperability between the products that support secure emailing and create an implementation manual for the healthcare field.

In early 2019, this resulted in the publication of the standard and work began on drafting the technical manual for suppliers to comply with the new standard. At the end of 2019, the implementation manual was finalized and a so-called "connectathon" was organized for the different (potential) solution providers. This gathering was organized to test whether interoperability between solutions could be ensured. FileCap was also present at this meeting and demonstrated that this had been implemented correctly.

Who is the standard important to?

As can be seen from the above, the standard is primarily made for healthcare institutions and healthcare professionals (but is also relevant for patients, their families and informal caregivers) and deals with safe emailing in healthcare. The NTA7516 describes the conditions under which emailing can be done safely and contains concrete instructions on how an organization can deal with this. The standard is based on the AVG and eIDAS and this legislation everyone must already comply with. The AVG or additional explanations from the Authority for the Protection of Personal Data state that emailing is allowed, but that it must be secure. The NTA 7516 standard describes the requirements that you -for example as a hospital or municipality- must meet when you want to exchange medical data with other professionals or patients/clients.

Source: https://www.nen.nl/nta-7516

Do I need to comply with NTA 7516?

The last sentence of the text above actually states when you as an organization or professional had to comply with the NTA 7516 standard, namely when medical data was exchanged. Despite the fact that many players in the market tried to convince everyone that they should always comply with the NTA 7516 standard, this was only the case when medical information was exchanged. Municipalities, law firms that exchanged information with courts and other professionals and companies therefore had to ask themselves to what extent there was medical information to be exchanged and with whom, in order to determine whether they had to comply (in part) with the NTA7516 standard.

No solution NTA 7516 certified

As is clear by now, all of this is no longer an issue because the Central Board of Experts Care & Welfare has decided to deactivate the scheme NCS 7516 as of May 15, 2022. This effectively means that no more organizations or solutions can be certified and all existing certifications have been declared invalid and revoked. So at the moment, no software application can comply with the NTA 7516 standard and it is unclear if and when a new certification scheme might be announced. For more information see: https://www.nen.nl/register-nta-7516

From a telephone conversation in July 2022 with the NEN, it became clear that this will not happen in any case in 2022 and it is very unlikely that it will happen in 2023 because different stakeholders seem to have strongly opposing interests.

FileCap certified, but we waived it

As of May 2020, it was possible for suppliers to be certified for the new NTA 7516 standard and on April 1, 2021, Contec, as manufacturer of FileCap, was certified for this new standard. This meant that the FileCap solution passed the so-called certification scheme (NCS 7516) with good results and thus demonstrated its ability to provide secure electronic communication for healthcare. The certification is valid for 3 years so until 1-4-2024.

At the end of 2021, however, we decided as an organization that we no longer wanted to and would no longer comply with the NTA7516 standard. The reason for this was actually twofold. First, we felt that the certification process and the requirements that our solution would have to meet were not appropriate for our customers and were too demanding on our organization. Second, we believe that by applying the standard, the usability was greatly reduced to a level that was not in line with our vision for a secure email solution. In January 2022 we therefore formally notified KIWA that we no longer wished to be certified for the NTA standard.

How to proceed?

In order to send e-mails securely, FileCap offers a user-friendly solution that allows companies to easily send encrypted messages and files from their own e-mail environment. On this page the most important features of our solution are explained. It is important to us that FileCap, in addition to being very secure, is also very user-friendly, and we work hard on this every day.