Careyn Case Study

Case Study Overview:

  • Client: Careyn
  • Challenge: Careyn grants access to its systems and resources only after employees accept the company’s privacy policy. The organization was looking to automate that process for flexible employees.
  • Solution: Tools4ever’s offered a solution by implementing the Service Automation functionality of its flagship Identity as a Service (IDaaS) product, HelloID.
  • Products and connectors: HelloID Service Automation, Active Directory
  • Result: Careyn’s privacy policy is displayed during initial login for new user accounts. Employees must accept it before being granted access to the network and resources. User acceptance of the privacy policy reached 98%.


Careyn Automates its Privacy Policy Approval Process with HelloID

Careyn, located in the Utrecht and Breda regions of the Netherlands, is a conglomerate of home care organizations and welfare institutions. It offers services in the field of health care, nursing, home care, and youth health.

In addition to its permanent staff, Careyn employs flexible health care workers hired through external partners. In their daily work, these employees view and update patient information. New hires must agree to Careyn’s privacy policy before starting employment because they deal with sensitive personal data. To ensure that, the organization implemented Tools4ever’s Service Automation module of its IDaaS solution, HelloID.

This flexible workforce is why Careyn needed a way for employees to acknowledge in advance the privacy rules and agree to them. Ivo Jacobs, the IT Project Manager at Careyn says, “This used to be a time-consuming manual process where supervisors couldn’t monitor whether all employees have accepted the privacy policy in advance. Together with Tools4ever, we have developed a solution that makes this process completely automated.

“With Tools4ever’s HelloID Service Automation, we achieved a fully automated privacy policy approval process for our external healthcare professionals. This is an essential part of our GDPR and NEN 7510 compliance.”

Ivo Jacobs, IT Project Manager at Careyn

Regulatory compliance

Privacy is essential, especially within healthcare institutions, because it concerns sensitive patient information which is viewed, updated, and shared with other healthcare providers. GDPR has tightened the rules for storage and processing of personal data over the past few years. These rules are even more uncompromising for the Dutch healthcare sector due to the NEN 7510 information standard. Therefore, every employee with access to patient data on behalf of Careyn must agree in advance to these conditions to minimize the risk of security breaches and so that customers have peace of mind.

Complicated manual process

As with many organizations, Careyn had previously used a manual privacy policy approval. For permanent employees, this was not a big problem because signing the policy was part of their employment contract. In contrast, flexible employees have an agreement with Careyn’s temp agency (Duozorg) or are hired through a third party. Their obligation to accept the privacy policy was a separate requirement, making the process expensive and difficult to control.

Streamlined automated process

Since the manual process was so time consuming, Careyn sought to automate it. Jacobs explains, “We already had the basic building blocks with the HelloID Identity and Access Management system, which we use for account management and network access. In close cooperation between the HelloID consultants and Careyn’s IT department, we added an automated electronic data processing (EDP) function.”

Successful implementation

New users receive an account on HelloID. When employees log in for the first time, they are routed to an approval screen. Only when the user has accepted the conditions, do they gain access to Careyn’s network and applications. The approval is recorded and is available for audits. This approach was an immediate success. User acceptance reached 98%.


  • Supports an automated approval process
  • Integrated in the overall Identity Access Management solution
  • Compliant with AVG and NEN 7510 guidelines
  • Seamless integration with Careyn IT applications
  • Rapid implementation and immediate results
  • Transparency and audit capabilities
  • 100% cloud-based and future-proof solution