FileCap and the NTA 7516

NTA 7516: no one can comply with it anymore

The NTA 7516 standard and its associated certification scheme NCS 7516, has been deactivated on May 15, 2022. Specifically, this means that no solution or provider of a "secure mail" solution can comply with this standard, and all existing certifications have been invalidated. In a conversation with the NEN, it has become clear that there is no prospect of reactivation of this or a similar standard this year and beyond. Read on to learn more about the standard and how we arrived at this point.

A brief history

On Oct. 10, 2018, the Ministry of Health, Welfare and Sport, in collaboration with the NEN, stakeholders and experts, launched the "Secure emailing" project commissioned by Informatieberaad Zorg(https://www.informatieberaadzorg.nl/programmas-en-projecten/project-veilige-mail). This project aimed to achieve a standard for emailing personal health information, establish interoperability between the products that support secure emailing and create an implementation manual for the healthcare field.

At the beginning of 2019, this resulted in the publication of the standard and work began on the technical handbook for suppliers to comply with the new standard. At the end of 2019, the implementation manual was finalized and a so-called "connectathon" was organized for the different (potential) solution providers. This gathering was organized to test whether interoperability between solutions could be ensured. FileCap also attended this and demonstrated at the time that this had been implemented correctly.

Who is the standard important to?

As seen in the above, the standard was created primarily for healthcare facilities and healthcare professionals (but is also relevant to patients, their families and caregivers). The standard is primarily about secure e-mailing in healthcare. NTA 7516 describes the conditions under which safe e-mailing can take place and contains concrete instructions on how an organization can deal with this. The standard is based on the AVG and eIDAS. Everyone must already comply with this legislation. The AVG or additional clarifications from the Personal Data Authority state that emailing is allowed, but it must be secure. The NTA 7516 standard describes the requirements that you -for example as a hospital or municipality- must meet when exchanging medical data with other professionals or patients/clients citizens.

Source: https://www.nen.nl/nta-7516

Do I need to comply with NTA 7516?

The last sentence of the text above actually named when you as an organization or professional had to comply with the NTA 7516 standard, namely when medical data was exchanged. So, despite the fact that many players in the market tried to convince everyone that they should always comply with the NTA 7516 standard, this was only the case when medical information was exchanged. Municipalities, law firms that exchanged information with courts and other professionals and companies thus had to ask themselves to what extent medical information was to be exchanged and with whom, in order to determine whether they had to (partially) comply with the NTA7516 standard.

No solution NTA 7516 certified

As is clear by now, none of this is an issue anymore because the Central Board of Experts Healthcare & Welfare has decided to deactivate the NCS 7516 scheme as of May 15, 2022. This effectively means that no more organizations or solutions can be certified and all existing certifications have been declared invalid and revoked. So at the moment, no software application can meet the NTA 7516 standard and it is unclear if and when a new certification scheme may be announced. For more information, see https://www.nen.nl/register-nta-7516‍

From a July 2022 phone conversation with the NEN, it became clear that this will not happen in 2022 in any case, and it is highly unlikely to happen in 2023 or later, as various stakeholders seem to have strongly conflicting interests.

FileCap certified, but we waived it

As of May 2020, it was possible for suppliers to be certified for the new NTA 7516 standard. On April 1, 2021, Contec, as manufacturer of FileCap, was certified for this new standard. This meant that the FileCap solution passed the so-called certification scheme (NCS 7516) with good results and thus demonstrated its ability to provide secure electronic communication for healthcare. The certification is valid for 3 years so until 1-4-2024.

At the end of 2021, we decided as an organization that we no longer wanted and were no longer going to comply with the NTA7516 standard. The reason for this was twofold. First, we felt that the certification process and the requirements our solution would have to meet were not appropriate for our customers and too heavy a burden on our organization. Second, we believe that by applying the standard, usability was greatly reduced to a level that is not in line with our vision of a secure emailing solution. Therefore, in January 2022, we formally notified KIWA that we no longer wish to be certified for the NTA standard.

How to proceed?

For secure emailing, FileCap is a user-friendly solution that allows companies to easily send encrypted messages and files from their own email environment. This page explains the most important features of our solution. We find it important that FileCap, in addition to being very secure, is also very user-friendly. We work hard on that every day.