NEN 7510 (Dutch healthcare).
NEN 7510 is the Dutch standard for information security in healthcare. It is built on ISO/IEC 27001 (the management system) and the ISO/IEC 27002 control set, with healthcare-specific additions taken from ISO 27799 (published as NEN 7510-2). Dutch law makes it mandatory for healthcare providers (hospitals, GP practices and other zorgaanbieders) that process patient data, via the Besluit elektronische gegevensverwerking door zorgaanbieders; the standard's own scope covers every organisation that handles personal health information, health insurers included.
| NEN 7510-2:2017 control area | Paramant measure |
|---|---|
| 10 — Cryptography | Hybrid post-quantum key agreement (ML-KEM-768 combined with ECDH P-256) feeding AES-256-GCM; ML-DSA-65 signatures |
| 9 — Access control | Per-API-key (pgp_ prefix) authentication; admin access requires TOTP MFA; key revocation takes effect without a restart (hot-reloadable) |
| 12.4 — Logging and monitoring | Tamper-evident CT-style log signed with ML-DSA-65; one entry per access; entries never disclose content |
| 13 — Communications security | TLS 1.3 on the transport plus post-quantum encryption at the application layer; payloads padded to a fixed 5 MB so deep packet inspection cannot infer message size |
| 14 — System acquisition, development and maintenance | No passwords stored; no plaintext keys; key material at rest is protected with argon2id |
| 13.2 — Information transfer | RAM-only relay; burn-on-read delivery; patient data is never written to disk |
| Healthcare-specific additions — protection of patient identifiers | Filename never logged; recipient identity not stored; the DICOM patient ID travels encrypted inside the v1 blob |
| 5 — Information security policies | Public threat model, security audits, and a vulnerability disclosure channel (privacy@paramant.app) |
| 8 — Asset management | Per-device DID registration with an ML-DSA-65 device identity; the CT log proves the identity has been continuous |
| 12 — Operations security | Hosted at Hetzner in Germany (EU, GDPR); no exposure to the US CLOUD Act; each sector isolated in its own relay container |
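The logging and patient-identifier rows above rest on one mechanism: an append-only access log whose entries are chained by hash and individually signed, and which records a hash of the ciphertext rather than a filename or any content. The following is an added example written for this page, not Paramant's code. It assumes an entry layout of its own (sequence number, timestamp, opaque device identifier, blob hash, previous-entry hash), uses Ed25519 from the Go standard library as a stand-in for ML-DSA-65, and constructs its own sample entries.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"encoding/hex"
	"fmt"
	"time"
)

// Entry is one per-access record. It carries no filename, recipient identity
// or payload: only which device touched which ciphertext blob, and when.
// The layout is an assumption for this example, not Paramant's record format.
type Entry struct {
	Seq      uint64
	Unix     int64
	DeviceID string   // opaque device identifier (a DID or its hash; assumed)
	BlobID   string   // hex SHA-256 of the ciphertext, never of the plaintext
	Prev     [32]byte // hash of the previous entry: the chain link
	Sig      []byte   // signature over body(); Ed25519 stands in for ML-DSA-65
}

// body is the canonical byte string that is signed and hashed.
func (e *Entry) body() []byte {
	b := make([]byte, 0, 128)
	b = binary.BigEndian.AppendUint64(b, e.Seq)
	b = binary.BigEndian.AppendUint64(b, uint64(e.Unix))
	b = binary.BigEndian.AppendUint32(b, uint32(len(e.DeviceID)))
	b = append(b, e.DeviceID...)
	b = append(b, e.BlobID...) // fixed length (64 hex chars), no prefix needed
	b = append(b, e.Prev[:]...)
	return b
}

// Hash covers the signature too, so re-signing an entry also breaks the chain.
func (e *Entry) Hash() [32]byte { return sha256.Sum256(append(e.body(), e.Sig...)) }

type Log struct {
	priv    ed25519.PrivateKey
	Pub     ed25519.PublicKey
	Entries []Entry
}

func NewLog() (*Log, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Log{priv: priv, Pub: pub}, nil
}

// Append records an access. Only a hash of the ciphertext goes in, so the log
// can prove "this blob was fetched by this device" without disclosing content.
func (l *Log) Append(deviceID string, ciphertext []byte, now time.Time) Entry {
	var prev [32]byte
	if n := len(l.Entries); n > 0 {
		prev = l.Entries[n-1].Hash()
	}
	sum := sha256.Sum256(ciphertext)
	e := Entry{Seq: uint64(len(l.Entries)), Unix: now.Unix(), DeviceID: deviceID,
		BlobID: hex.EncodeToString(sum[:]), Prev: prev}
	e.Sig = ed25519.Sign(l.priv, e.body())
	l.Entries = append(l.Entries, e)
	return e
}

// Verify checks every signature and every chain link. It returns the index of
// the first entry that fails, or -1 if the whole log is intact.
func Verify(pub ed25519.PublicKey, entries []Entry) int {
	var prev [32]byte
	for i := range entries {
		e := &entries[i]
		if e.Seq != uint64(i) || e.Prev != prev || !ed25519.Verify(pub, e.body(), e.Sig) {
			return i
		}
		prev = e.Hash()
	}
	return -1
}

func main() {
	l, err := NewLog()
	if err != nil {
		panic(err)
	}
	t0 := time.Unix(1700000000, 0) // constructed timestamp
	l.Append("did:example:device-a", []byte("ciphertext-1"), t0)
	l.Append("did:example:device-b", []byte("ciphertext-2"), t0.Add(time.Second))
	fmt.Println("intact log, first bad index:", Verify(l.Pub, l.Entries))

	// An operator edits a record after the fact: its signature no longer matches.
	edited := append([]Entry(nil), l.Entries...)
	edited[0].DeviceID = "did:example:device-b"
	fmt.Println("edited entry 0, first bad index:", Verify(l.Pub, edited))
}
```

Editing, reordering or deleting a middle entry is caught because each entry commits to the hash of its predecessor and to its own sequence number. What this chain alone cannot detect is silent truncation of the tail; a CT-style log closes that gap by publishing its latest head (a signed tree head) where clients can compare it, which is the part this example leaves out.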
v0.1.0 patch note
Following the April 2026 audit, filename and patient-identifier protection was strengthened: DICOM patient IDs are now encrypted alongside the payload in the v1 wire format, so the relay never sees an unencrypted DICOM header.
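To make the v1 change concrete, here is an added example (not Paramant's code, and not its actual wire format) of a frame in which the DICOM header fields travel inside the same AEAD payload as the body and the plaintext is padded to a fixed size before encryption. Assumptions of this example: a one-byte version prefix, AES-256-GCM with a random key standing in for the hybrid-KEM-derived session key, a 4096-byte frame as a demo stand-in for the page's 5 MB, and a simple length-prefixed field layout for PatientID, PatientName and body. Sample header values and body bytes are constructed.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

const (
	versionV1  = 0x01 // assumed version byte for this example's v1-style frame
	paddedSize = 4096 // demo stand-in for the page's 5 MB fixed frame size
)

// Header holds the DICOM fields that must never reach the relay in clear.
type Header struct {
	PatientID   string // DICOM (0010,0020)
	PatientName string // DICOM (0010,0010)
}

// Message is header plus body; in practice Pixels would be the DICOM payload.
type Message struct {
	Header Header
	Pixels []byte
}

// encodePlain serialises header and body as length-prefixed fields, so the
// header sits inside the same plaintext the AEAD protects.
func encodePlain(m Message) []byte {
	var b []byte
	for _, f := range [][]byte{[]byte(m.Header.PatientID), []byte(m.Header.PatientName), m.Pixels} {
		b = binary.BigEndian.AppendUint32(b, uint32(len(f)))
		b = append(b, f...)
	}
	return b
}

func decodePlain(b []byte) (Message, error) {
	var fields [3][]byte
	for i := range fields {
		if len(b) < 4 {
			return Message{}, errors.New("truncated field length")
		}
		n := int(binary.BigEndian.Uint32(b[:4]))
		b = b[4:]
		if n > len(b) {
			return Message{}, errors.New("truncated field")
		}
		fields[i], b = b[:n], b[n:]
	}
	return Message{Header{string(fields[0]), string(fields[1])}, fields[2]}, nil
}

// Seal builds the frame: version || nonce || AES-256-GCM(pad(plain)).
// Padding happens before encryption, so every frame has the same length
// whatever the header and body contain, and the relay stores only ciphertext.
func Seal(key []byte, m Message) ([]byte, error) {
	plain := encodePlain(m)
	if len(plain)+4 > paddedSize {
		return nil, errors.New("message exceeds fixed frame size")
	}
	padded := make([]byte, paddedSize)
	binary.BigEndian.PutUint32(padded, uint32(len(plain)))
	copy(padded[4:], plain)

	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	frame := append([]byte{versionV1}, nonce...)
	// The version byte is authenticated as additional data, not encrypted.
	return gcm.Seal(frame, nonce, padded, []byte{versionV1}), nil
}

// Open authenticates and decrypts a frame, rejects anything that is not the
// fixed size, and strips the padding.
func Open(key, frame []byte) (Message, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return Message{}, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return Message{}, err
	}
	ns := gcm.NonceSize()
	if len(frame) < 1+ns || frame[0] != versionV1 {
		return Message{}, errors.New("unknown frame version or short frame")
	}
	padded, err := gcm.Open(nil, frame[1:1+ns], frame[1+ns:], frame[:1])
	if err != nil {
		return Message{}, err // tag mismatch: tampered, truncated or wrong key
	}
	if len(padded) != paddedSize {
		return Message{}, errors.New("frame is not the fixed size")
	}
	n := int(binary.BigEndian.Uint32(padded[:4]))
	if 4+n > len(padded) {
		return Message{}, errors.New("bad padding length")
	}
	return decodePlain(padded[4 : 4+n])
}

// RelaySeesPID models what a relay could learn by scanning the bytes it holds:
// with the header inside the AEAD payload, a search for the PID finds nothing.
func RelaySeesPID(frame []byte, pid string) bool {
	return bytes.Contains(frame, []byte(pid))
}

func main() {
	key := make([]byte, 32) // stand-in for the hybrid-KEM-derived AES-256 key
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	m := Message{Header{"PID-12345", "DOE^JANE"}, bytes.Repeat([]byte{0xAB}, 1000)} // constructed
	frame, err := Seal(key, m)
	if err != nil {
		panic(err)
	}
	fmt.Println("frame bytes:", len(frame), "relay can find PID:", RelaySeesPID(frame, "PID-12345"))
	got, err := Open(key, frame)
	fmt.Println("receiver PID:", got.Header.PatientID, "err:", err)
}
```

Two properties are worth checking in any implementation of this idea: a frame carrying a long PID and a large body must be byte-for-byte the same length as one carrying a short PID and an empty body, and flipping any ciphertext byte must make Open fail before any header field is parsed.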