Build health software for the Dutch market and you'll quickly hit two names: MedMij and Nictiz. They're the reason a patient in the Netherlands can pull their medications, lab results, and treatment history from different providers into one app they choose. For a founder or product team, understanding how they fit together is the difference between an app that plugs into the national exchange and one that becomes a data island. Here's a plain-language guide to the Dutch health-data landscape in 2026.
MedMij, Nictiz, and the PGO — who does what
Start with the three actors. A PGO (personal health environment) is an app the patient chooses to collect and manage their own health data. MedMij is the national trust framework — the set of agreements, security rules, and standards that lets a PGO securely request data from healthcare providers and vice versa. Nictiz is the Dutch competence centre that develops the underlying information standards everyone speaks. A useful shorthand: Nictiz defines the language, and MedMij governs the conversation. MedMij itself grew out of a collaboration led by the Dutch Patients Federation and the wider healthcare information council, with an independent foundation established to admit and oversee participants.
The building blocks: ZIBs, BgZ, and FHIR
Interoperability only works if everyone structures data the same way. That's what Nictiz's standards provide:
- ZIBs (zorginformatiebouwstenen, or health information building blocks) are standardised definitions of clinical concepts — a medication, an allergy, a measurement — so the same data means the same thing everywhere.
- BgZ (Basisgegevensset Zorg, the basic healthcare dataset) is the agreed minimum set of patient data for continuity of care, assembled from ZIBs.
- FHIR is the modern HL7 exchange format the Dutch standards are built on, so MedMij exchanges are FHIR-native.
If you've read our EHDS explainer, this is the national layer beneath the European one — the same interoperability idea, implemented for the Netherlands.
Becoming a MedMij participant
Participation in MedMij is voluntary but gated. If you want to exchange data within the framework — as a PGO, or as a provider system connecting to one — you don't just call an API; you become a recognised participant. That means implementing the required information standards and security controls, then passing MedMij's onboarding and auditing before you're admitted. It's deliberately a quality bar, not a formality, because the whole system depends on every participant being trustworthy with patient data.
The practical implication is timing. Onboarding and auditing take real calendar time, and they assume your software already implements the standards correctly — so they sit near the end of a build but must be planned from the beginning. Teams that discover the participation bar late often face rework, because a data model or security design that wasn't built to the framework rarely passes on the first attempt.
Plan for the framework early: MedMij participation, ZIB conformance, and security auditing are not features you bolt on at the end. Like the compliance work behind any regulated build, they shape your architecture from day one — retrofitting them after the product exists is slow and expensive.
How this connects to EHDS and GDPR
Dutch exchange doesn't exist in isolation. The European Health Data Space is pushing every member state toward standardised, patient-controlled data access, and the Dutch building blocks are how the Netherlands meets that direction of travel. Underneath it all sits data protection: exchanging health data means processing a special category under GDPR, with the Dutch information-security baseline for healthcare on top. Our guide to NEN 7510 and GDPR covers that security layer in detail — MedMij assumes you've already got it right.
What it means for your build
Practically, connecting to the Dutch health ecosystem shapes several early decisions:
- Model data in ZIBs from the start rather than inventing your own schema and mapping later.
- Build on FHIR and follow the relevant MedMij information standards for your use case.
- Design for consent and access logging as first-class features, not afterthoughts.
- Budget for onboarding and audit time, not just development time.
- Decide what's truly custom. Some connectivity can lean on existing FHIR tooling; your differentiator is the experience on top.
None of this should put you off — thousands of exchanges already run on these rails and the tooling is mature. The point is simply that Dutch health interoperability is a designed system with a front door, not something you reverse-engineer. Build to it deliberately and it becomes a moat; ignore it and you ship an app that can't talk to the country it's meant to serve.
Where to start
Map your intended data flows to the relevant ZIBs and the BgZ, confirm whether your use case requires MedMij participation, and design your security and consent model to the Dutch baseline before you write feature code. Getting the foundations right makes everything after it — audits, integrations, and eventual EHDS alignment — far smoother.
It also pays to involve someone who has been through MedMij onboarding before. The standards themselves are public, but the practical know-how of passing an audit on the first attempt — and sequencing the work so nothing blocks launch — is where experienced teams save weeks.
Note: this article is general information, not legal or regulatory advice. Requirements for MedMij participation, information standards, and health-data protection change over time — always verify the current rules with the relevant Dutch authorities and a qualified advisor for your specific product.
Frequently asked questions
What is MedMij? The Dutch national trust framework for exchanging health data between a patient's chosen personal health environment (PGO) and healthcare providers — defining the agreements, security, and standards that make it safe.
How is MedMij different from Nictiz? Nictiz develops the standards (ZIBs, BgZ); MedMij is the framework that uses them to govern real exchange. Nictiz defines the language, MedMij runs the exchange.
Do we have to join MedMij? Only if you want to exchange within the framework. Participation is voluntary but gated — you implement the standards and pass onboarding and auditing to be admitted.
Building health software that needs to speak to the Dutch ecosystem? Neurova AI develops custom medical software with interoperability and compliance designed in — see also our guides to EHDS and NEN 7510 & GDPR. Book a call to scope your integration.