While new systems allow this to happen more easily and reliably, it is important that public confidence in data privacy and security is maintained. This is what information governance aims to achieve, along with helping to ensure the best possible health care and treatment are delivered.

Information governance sets the standard for the handling of personal health information and provides the tools and processes needed to attain that standard. This enables the information to be handled legally, securely, efficiently and effectively, and shared where appropriate.

The Ministry's Health Information Governance Guidelines (previously called the Health Information Governance Framework) outline policies, procedures and other useful details for health providers who collect and share personal health information.

Te Whatu Ora/Health New Zealand is now in the process of rewriting and replacing the existing HISO 10029 to better suit the new operating environment of health organisations in New Zealand and to make it easier to understand and adopt across the broad spectrum of health organisations.



HISO 10029:2022 Health Information Security Framework (HISF)

Published 23 December 2022

The HISF is designed to support health sector organisations and practitioners to manage the security of personally identifiable health information.


HISO 10064:2017 Health Information Governance Guidelines


The HISO 10064:2017 Health Information Governance Guidelines provide guidance to the health and disability sector on the safe sharing of health information. It complements the Health Information Security Framework which covers the security of health information wherever it is held.

The Guidelines outline policies, procedures and other useful details for health providers who collect and share personal health information, enabling them to do this legally, securely, efficiently and effectively.

The four major subject areas in the guidelines include:

  • maintaining quality and trust
  • upholding consumer rights and maintaining transparency
  • appropriate disclosure and sharing
  • ensuring security and protection of personal health information.

Each subject area provides the legal and policy context, then a set of auditable requirements and a compliance checklist.

Download HISO 10064:2017: Health Information Governance Guidelines (Word, 3.8 MB)

Having guidelines in place helps ensure public confidence in data privacy and security is maintained and that the best possible treatment and care is delivered to all New Zealanders.

HISO 10029:2015 Health Information Security Framework

The Health Information Security Framework is designed to support health and disability sector organisations and practitioners holding personally identifiable health information to improve and manage the security of that information.

The updated Health Information Security Framework references and is consistent with AS/NZS ISO/IEC 27001:2013; the New Zealand Information Security Manual; the New Zealand Government Risk Assessment Process: Information Security; and the New Zealand Government Protective Security Requirements.

Secure digital communications within the NZ health & disability sector: Implementation guidance

Communication between health agencies is an essential part of healthcare delivery. Ensuring that communications, whether analogue or digital, are secure is a fundamental requirement of a modern health system. E-mail and fax are two of the most common communication tools used in the health sector. The security of information communicated using these tools currently does not always comply with the HISF; this needs to be addressed.

The Ministry of Health and ACC have collaborated to provide this guidance to help health agencies address the security of e-mail and fax communications: