By February 20, 2027, every healthcare organization that processes personal data in a healthcare information system must comply with this new version. That may seem far away, but in practice the deadline approaches faster than you think, especially since your next audit will probably already be based on the new standard. So delaying is not an option.
To get you started, we have developed a NEN 7510:2024 checklist. This allows you to see at a glance where your organization is already on track and where action is still needed to be fully compliant.
What does the new NEN 7510:2024 mean for your organization?
The core of the standard remains the same: it is still about ensuring information security in healthcare. But there are clear changes that impact how you work with it.
1. More in line with ISO 27001:2022
The new version follows the format and structure of ISO 27001:2022 more closely. ISO 27001 had already been updated and was therefore no longer aligned with NEN 7510:2017. This saves double work for organizations dealing with both standards, as the structure and terminology are better aligned.
2. Tightened for new laws and regulations
The standard has been updated to better reflect current laws and regulations in healthcare. Consider the Supplementary Provisions for Processing Personal Data in Healthcare Act (Wabvpz), the Electronic Data Exchange in Healthcare Act (Wegiz) and the NIS2 directive scheduled to take effect in Q2 of 2026. As a result, NEN 7510:2024 aligns even more closely with the obligations that healthcare institutions already face.
3. More concrete requirements in implementation
In the old version, organizations had more freedom in how they implemented measures. The 2024 version sets tighter boundaries for that. Do you want to do things differently? Then you must explicitly substantiate this in your Declaration of Applicability (VvT).
4. New and adapted measures
The total number of management measures has decreased because some have been merged or rewritten. But new, healthcare-specific measures have also been added. So it is not a "simplification," but a rearrangement with extra attention to current risks.
Why a checklist helps
Moving to NEN 7510:2024 is not just an administrative update. It requires taking a critical look at your current processes, measures and documentation.
With our checklist, you can verify:
- Where do we already comply?
- Where are the gaps?
- What needs to be changed or added?
That way you work towards the new standard in a structured way, without stress right before the audit.
In short:
Transitioning to NEN 7510:2024 is more than ticking a box. It's about aligning with the latest requirements, legislation and best practices in healthcare information security.
Start on time, use the checklist, and be ready for the next audit. Download the free checklist below!