Skip to main content
Email

The latest news in Healthcare IT – straight to your inbox.

Home
  • Main Menu
  • Subscribe
  • Topics
    • Video
    • Analytics
    • Artificial Intelligence
    • Cloud Computing
    • EHR
    • Government & Policy
    • Interoperability
    • Patient Engagement
    • Population Health
    • Precision Medicine
    • Privacy & Security
    • Telehealth
    • Women In Health IT

Regions

  • ANZ
  • ASIA
  • EMEA
  • Global Edition
ANZ
Privacy & Security

NZ Health's poor data back-end safeguards flagged

Its third-party service providers cannot assure compliance with their data sharing contracts, the Public Service Commission also noted.
By Adam Ang
March 04, 2025
06:49 PM

Photo: Gorodenkoff Productions/Getty Images

New Zealand's Ministry of Health and Te Whatu Ora were found to have insufficient back-end protection of sensitive information shared with third-party service providers. 

The agencies were recently probed for alleged misuse of personal health information related to COVID-19 vaccination by service providers, Te Pou Matakana and Whānau Tahi. 

While their data sharing agreements (DSA) included the necessary protections and safeguards of the Privacy Act 2020 and Health Information Privacy Code 2020, there were "some significant gaps" in them, noted the Public Service Commission in its 73-page inquiry. 

"The agencies did not implement a systematic means for assuring themselves that the relevant service providers were meeting those DSA expectations."

Based on the inquiry published in February, validation checks were only applied to the quality of data shared with service providers and not to their underlying systems and controls for receiving, storing, using, and disposing of data. There were also no controls over the CSV files they receive from the government agencies. 

"This lack of back-end controls is concerning," the commission exclaimed.

The commission sees Te Whatu Ora's DSA framework as generally relying on "high trust and commercial incentives," which it does not consider adequate back-end safeguards.

Moreover, Te Whatu Ora did not receive satisfactory assurance of compliance with the DSA terms from Te Pou Matakana and Whānau Tahi, which meant no one was able to conclude the effectiveness of both government agency safeguards and institutional arrangements regarding personal health information related to COVID-19 vaccination. 

Te Whatu Ora has since informed the commission that it will revise its standard DSA terms, including adding audit, retention and disposal provisions and developing an appropriate assurance framework for monitoring the use of personal information shared with external parties.

THE LARGER CONTEXT 

New Zealand started its COVID-19 vaccination programme in February 2021. Later, to raise vaccination rates, the former District Health Boards contracted providers to deliver COVID-19 vaccination and other related services. 

Prime Minister Christopher Luxon ordered the inquiry in June to look into allegations of improper use or use by service providers of information related to COVID-19 vaccination. The inquiry was also concerned with the same issue in the 2023 Census. Besides the Ministry of Health and Te Whatu Ora, the investigation also focused on Te Puni Kōkiri, Statistics New Zealand, Oranga Tamariki and the Ministry of Social Development. 

"The inquiry found some agencies fell short on their responsibility to protect and manage the sharing of personal information, which is unacceptable," said Public Service Commissioner Brian Roche. 

The public agencies were all ordered to temporarily suspend contract renewals and extensions, as well as entering into new contracts with the service providers named in the report, until contracts with them could satisfy the Public Service Commission. They were also directed to implement updated information sharing standards by July. 

"While we don’t know if personal information was improperly used, the gate was left open. It will be for other authorities, with the appropriate regulatory and investigative tools, to determine whether personal data was misused," Commissioner Roche said. 

In 2021, the Ministry of Health released the Data and Information Strategy for Health and Disability and a corresponding two-year action plan to improve the collection, management, use, and sharing of health data. It involved the creation of a health data sharing and accessibility framework and equity measures for data standards. 

Recently, New Zealand's largest trade union, Public Service Association, warned of heightened IT breach risks following the government's move to cut data and digital jobs across Te Whatu Ora. It requested the Privacy Commissioner to investigate the planned job dismissals, which the union said could "result in legacy issues remaining unaddressed and deteriorating," potentially leading to application failures and unplanned outages.

Topics: 
Compliance & Legal, Electronic Health Records (EHR, EMR), Privacy & Security

More regional news

A doctor checking a patient's record on their digital tablet

SA completes statewide EMR implementation and more briefs

By
Adam Ang
April 18, 2025
A doctor reviewing a patient's chart

Tackling coding workforce shortage in Australia

By
Adam Ang
April 13, 2025
A nurse reading a patient's chart on a digital tablet

NZ halts data, digital jobs cuts and more briefs

By
Adam Ang
April 06, 2025
Want to get more stories like this one? Get daily news updates from Healthcare IT News.
Your subscription has been saved.
Something went wrong. Please try again.

Top Story

A doctor reviewing a patient's chart
Tackling coding workforce shortage in Australia

Most Read

How UCHealth is reducing fall injuries with AI-enhanced risk modeling
Korea University Medical Center pursues brain, heart AI development and more briefs
Roundup: AI and cloud tackle cyber risk and improve workflows
Chinese health players begin integrating DeepSeek
DEA's draft special telehealth reg rule should be tossed, healthcare orgs say
Oracle Health files QHIN application

Research

White Papers

More Whitepapers

Telehealth
Create secure, connected omnichannel communications
Telehealth
Let us guide you to HIPAA compliance
Cloud Computing
How a cloud communications platform puts connection at the center of care

Webinars

More Webinars

Analytics
Standby Eligibility and Claims Solutions: Diversify Your Risk & Ensure Business Continuity
Interoperability
Nursing Leadership, Operational Innovation, and Emerging Technologies with AONL
Artificial Intelligence
Loving the AI Revolution: How Automation is Humanizing Healthcare and Improving Provider Well-Being

Video

Ilir Kullolli, Stanford Medicine Children's Health_Las Vegas skyline Photo by halbergman/E+/Getty Images
HIMSS-ACCE working together to advance digital health
Vik Bajaj, Foresite Labs_Medical research Photo by Edward Jenner/pexels.com
Healthcare research is being affected by federal budget cuts
Priyanka Jain, Evvy_Hand holding sample vial Photo courtesy of Evvy
How one women's health startup tests fertility outcomes
Keisuke Nakagawa, UC San Diego Health_Las Vegas skyline Photo by halbergman/E+/Getty Images
Can technology help bring the human touch back to medicine?

More Stories

Lee Kim, HIMSS_Las Vegas skyline Photo by halbergman/E+/Getty Images
Past year's data breaches often stemmed from remediable cybersecurity gaps
Cathy Menkiena, Health Catalyst_Las Vegas skyline Photo by halbergman/E+/Getty Images
Innovative – and useful – tech is key to empowering care teams
Sameer Sethi of Hackensack Meridian Health on AI
Hackensack Meridian Chief AI Officer on the intersection of business and technology
Doctor checking and tracking information on a computer
HHS updates regulatory guides for the safe use of EHRs
Sameer Sethi, Hackensack Meridian Health_Computer neural network concept Photo by dan/Moment/Getty Images
Chief AI Officer on becoming one and working with the C-suite
Businessperson signing piece of paper
White House releases guidance on federal AI use and procurement
Dr. Ateev Mehrotra of Brown University School of Public Health on telehealth policy
Brown University policy expert talks about the future of telehealth flexibilities
Micky Tripathi, former HHS acting chief AI officer
Former National Coordinator headed to Mayo Clinic, reports say
Home

More News

  • MobiHealthNews
  • Healthcare Finance News
  • Healthcare Payers News

Newsletter Signup

HIMSS25 European Health Conference & Exhibition
HIMSS25 European Health Conference & Exhibition
Get ready for knowledge-sharing, all the latest innovations, and in-depth demos with Europe's most influential healthcare community.
10 - 12 June, 2025 | Paris
Learn More
AI in Healthcare Forum
AI in Healthcare Forum
The HIMSS AI in Healthcare Forum cuts through the hype to showcase real-world examples illustrating the transformative potential, and realistic challenges of AI application across the care continuum.
10 - 11 July 2025 | New York
Learn More

Footer Menu

  • About
  • Advertise
  • Reprints
  • Contact
  • Privacy Policy

© 2025 Healthcare IT News is a publication of HIMSS Media

X

Topics

  • Video
  • Analytics
  • Artificial Intelligence
  • Cloud Computing
  • EHR
  • Government & Policy
  • Interoperability
  • Patient Engagement
  • Population Health
  • Precision Medicine
  • Privacy & Security
  • Telehealth
  • Women In Health IT

Career

  • Events
  • Jobs
  • Research Papers
  • Webinars

More

  • About
  • Advertise
  • Contact
  • Special Projects
  • Video

Regions

  • ANZ
  • ASIA
  • EMEA
  • Global Edition

The Daily Brief Newsletter

Get daily news updates from Healthcare IT News.

Search form

Top Stories

Nurse checks tablet to communicate on shift
Zoom launches agentic AI-powered mobile comms for frontline staff
HIMSSCast logo
HIMSSCast: Should every healthcare organization have an AI strategy?
Vik Bajaj, Foresite Labs_Medical research Photo by Edward Jenner/pexels.com
Healthcare research is being affected by federal budget cuts