Build health software for the Dutch market and you'll quickly hit two names: MedMij and Nictiz. They're the reason a patient in the Netherlands can pull their medications, lab results, and treatment history from different providers into one app they choose. For a founder or product team, understanding how they fit together is the difference between an app that plugs into the national exchange and one that becomes a data island. Here's a plain-language guide to the Dutch health-data landscape in 2026.

MedMij, Nictiz, and the PGO — who does what

Start with the three actors. A PGO (personal health environment) is an app the patient chooses to collect and manage their own health data. MedMij is the national trust framework — the set of agreements, security rules, and standards that lets a PGO securely request data from healthcare providers and vice versa. Nictiz is the Dutch competence centre that develops the underlying information standards everyone speaks. A useful shorthand: Nictiz defines the language, and MedMij governs the conversation. MedMij itself grew out of a collaboration led by the Dutch Patients Federation and the wider healthcare information council, with an independent foundation established to admit and oversee participants.

The building blocks: ZIBs, BgZ, and FHIR

Interoperability only works if everyone structures data the same way. That's what Nictiz's standards provide:

If you've read our EHDS explainer, this is the national layer beneath the European one — the same interoperability idea, implemented for the Netherlands.

Becoming a MedMij participant

Participation in MedMij is voluntary but gated. If you want to exchange data within the framework — as a PGO, or as a provider system connecting to one — you don't just call an API; you become a recognised participant. That means implementing the required information standards and security controls, then passing MedMij's onboarding and auditing before you're admitted. It's deliberately a quality bar, not a formality, because the whole system depends on every participant being trustworthy with patient data.

The practical implication is timing. Onboarding and auditing take real calendar time, and they assume your software already implements the standards correctly — so they sit near the end of a build but must be planned from the beginning. Teams that discover the participation bar late often face rework, because a data model or security design that wasn't built to the framework rarely passes on the first attempt.

Plan for the framework early: MedMij participation, ZIB conformance, and security auditing are not features you bolt on at the end. Like the compliance work behind any regulated build, they shape your architecture from day one — retrofitting them after the product exists is slow and expensive.

How this connects to EHDS and GDPR

Dutch exchange doesn't exist in isolation. The European Health Data Space is pushing every member state toward standardised, patient-controlled data access, and the Dutch building blocks are how the Netherlands meets that direction of travel. Underneath it all sits data protection: exchanging health data means processing a special category under GDPR, with the Dutch information-security baseline for healthcare on top. Our guide to NEN 7510 and GDPR covers that security layer in detail — MedMij assumes you've already got it right.

What it means for your build

Practically, connecting to the Dutch health ecosystem shapes several early decisions:

None of this should put you off — thousands of exchanges already run on these rails and the tooling is mature. The point is simply that Dutch health interoperability is a designed system with a front door, not something you reverse-engineer. Build to it deliberately and it becomes a moat; ignore it and you ship an app that can't talk to the country it's meant to serve.

Where to start

Map your intended data flows to the relevant ZIBs and the BgZ, confirm whether your use case requires MedMij participation, and design your security and consent model to the Dutch baseline before you write feature code. Getting the foundations right makes everything after it — audits, integrations, and eventual EHDS alignment — far smoother.

It also pays to involve someone who has been through MedMij onboarding before. The standards themselves are public, but the practical know-how of passing an audit on the first attempt — and sequencing the work so nothing blocks launch — is where experienced teams save weeks.

Note: this article is general information, not legal or regulatory advice. Requirements for MedMij participation, information standards, and health-data protection change over time — always verify the current rules with the relevant Dutch authorities and a qualified advisor for your specific product.

Frequently asked questions

What is MedMij? The Dutch national trust framework for exchanging health data between a patient's chosen personal health environment (PGO) and healthcare providers — defining the agreements, security, and standards that make it safe.

How is MedMij different from Nictiz? Nictiz develops the standards (ZIBs, BgZ); MedMij is the framework that uses them to govern real exchange. Nictiz defines the language, MedMij runs the exchange.

Do we have to join MedMij? Only if you want to exchange within the framework. Participation is voluntary but gated — you implement the standards and pass onboarding and auditing to be admitted.

Building health software that needs to speak to the Dutch ecosystem? Neurova AI develops custom medical software with interoperability and compliance designed in — see also our guides to EHDS and NEN 7510 & GDPR. Book a call to scope your integration.