133 Molesworth Street
PO Box 5013
Wellington 6140
New Zealand
T+64 4 496 2000
10 March 2023
AS Van Wey
By email: [FYI request #22047 email]
Ref:
H2023021536
Tēnā koe,
Transfer of your request for official information Thank you for your request under the Official Information Act 1982 (the Act) to Manatū Hauora
(the Ministry of Health) on 9 March 2023. You requested:
“I request all of the separate documents which are a combination of checklists and guides
which have been provide to the health sector entities.
I would also like clarification that it is a requirement for the NZ health sector to be
compliant with the references provided in section 6, including HIPAA. Section 6 states:
Health Insurance Portability and Accountability Act (HIPAA) (US):
US based federal law that required the creation of national standards (HIPAA Security
Rule) to protect sensitive patient health information from being disclosed without the
patient’s consent or knowledge.
Please provide me the number times the Ministry of Health has authorized government
information systems employees to assist a government employee (other than as
authorized under the Search and Surveillance Act) to:
(1) intercept personal communications sent by a member of the public, with out the
consent of the sender; and
(2) intercept personal communications sent by a member of the public, without the
consent of either the sender or the the intended recipient (i.e, specified individual like a
physician, or specified department, like the Clinical Records department).”
The requested information is more closely connected to the functions of Te Whatu Ora – Health
New Zealand. For this reason, I have decided to transfer your request to Te Whatu Ora under
section 14(b)(ii) of the Act. You can expect a response from their agency in due course.
Under section 28(3) of the Act, you have the right to ask the Ombudsman to review any
decisions made under this request. The Ombudsman may be contacted by email at:
[email address] or by calling 0800 802 602.
Nāku noa, na
Jan Torres
Acting Manager, OIA Services
Government and Executive Services | Te Pou Whakatere Kāwanatanga
Page 2 of 3
COPY OF OIA REQUEST
From: AS Van Wey <[FYI request #22047 email]>
Sent: Thursday, 9 March 2023 10:49
To: OIA Requests <[email address]>
Subject: Official Information request - HISO Health Information Security Framework
10029:2022
Dear Ministry of Health,
You have released a final version of the HISO Health Information Security Framework
10029:2022.
Section 5.7 states:
Tools and Templates
A separate set of documents which are a combination of checklists and guides will be
provided to the sector entities where there is limited or no documentation available to
assist with the implementation activities of HISF. These documents could be tailored to be fit for
purpose based on the needs and requirements.
I request all of the separate documents which are a combination of checklists and guides which
have been provide to the health sector entities.
I would also like clarification that it is a requirement for the NZ health sector to be compliant with
the references provided in section 6, including HIPAA. Section 6 states:
Health Insurance Portability and Accountability Act (HIPAA) (US):
US based federal law that required the creation of national standards (HIPAA Security
Rule) to protect sensitive patient health information from being disclosed without the
patient’s consent or knowledge.
Please provide me the number times the Ministry of Health has authorized government
information systems employees to assist a government employee (other than as authorized
under the Search and Surveillance Act) to:
(1) intercept personal communications sent by a member of the public, with out the consent of
the sender; and
(2) intercept personal communications sent by a member of the public, without the consent of
either the sender or the the intended recipient (i.e, specified individual like a physician, or
specified department, like the Clinical Records department).
Yours faithfully,
AS Van Wey
Page 3 of 3
