HomeCompliance › NEN 7513

NEN 7513 compliance software for patient-record logging.

A minimum-fields check on every audited EPD module, append-only storage, 5-year retention with annual restore-and-read drills, monthly proactive review by your FG, and a patient log-request flow that meets the statutory deadline.

Open the portal See pricing

What is NEN 7513?

NEN 7513:2018 is the Dutch standard for logging access to electronic patient records (EPDs). It prescribes minimum log content, append-only storage, retention of at least 5 years, segregation of duties for log management, proactive review and patient access to their own access log. It is the operational counterpart to the rules in NEN 7510 and to AVG / UAVG breach-detection expectations.

Who needs to comply

  • Hospitals, GGZ providers, GP practices and care institutions running an EPD
  • EPD vendors (HiX, Epic, Nexus, Promedico, MicroHIS, etc.) selling into the Dutch market
  • Regional exchange platforms that store access events
  • SaaS suppliers handling patient data on behalf of a Dutch care provider

Key NEN 7513 controls covered by Dazr

Minimum-fields auditPer-system check that the EPD logs all required fields - including failed and bulk actions.
Append-only storageWORM or hash-chained log evidence tracked per system.
5-year retention + restore testRetention table per system; annual restore-and-read drill scheduled and logged.
Segregation of dutiesIAM roles split between clinical access and log administration; quarterly review.
Proactive reviewMonthly risk-based sampling plan with FG sign-off. Anomalies routed to incident.
Patient log requestTemplated patient-request flow with a 4-week deadline timer.

What auditors look for

The IGJ, AP and your external auditor will look at three things: do your access logs contain all the required fields, can you produce a log for any individual patient within the statutory deadline, and do you actually review the logs proactively. Dazr structures the workspace around exactly those three questions.

How Dazr helps with NEN 7513

  • Hold the minimum-fields audit per in-scope system
  • Schedule the monthly proactive log review with named FG / privacy officer
  • Run NEN 7513 alongside NEN 7510 and NEN 7512 in one workspace
  • Track the patient log-request queue with statutory-deadline timers
  • Hand the auditor a read-only view or a single-PDF audit trail

Back to the full Dazr Compliance overview › | Sign up free ›

NEN 7513 questions, answered.

What is NEN 7513?

NEN 7513:2018 is the Dutch standard for logging access to electronic patient records. It prescribes minimum log content, append-only storage, retention of at least 5 years, proactive review, and patient access to their own access log.

How long do logs have to be kept?

At least 5 years, and longer where the Wgbo or Archiefwet apply to the underlying record. Dazr models the retention per system and reminds you when archived logs need their annual restore test.

Does Dazr review the logs for me?

No. The review is performed by your FG or privacy officer. Dazr schedules the monthly proactive review and the investigation-driven retrieval flow with templated forms and named owners.

Where is data hosted?

European Union only. AES-256-GCM at rest.

Ready to start your NEN 7513 program?

Free for one user. Pro €29/mo and Enterprise €299/mo are self-serve via Mollie. Custom (from €800/mo) is the only tier on a contract.

Open the portal All frameworks