Health Information Security Framework Update

Closed 16 Oct 2020

Opened 28 Sep 2020


HISO 10029:2015 Health Information Security Framework (HISF) is designed to support health and disability sector organisations and practitioners holding personally identifiable health information to improve and manage the security of that information.

The Health Information Security Framework was last updated in 2015. Since 2015 the information security standards and threat environment has radically changed and the Health Information Standards Organisation has decided to review the framework and the processes for its adoption.

The framework in its form references and is consistent with AS/NZS ISO/IEC 27001:2013; the New Zealand Information Security Manual (NZISM); the New Zealand Government Risk Assessment Process: Information Security, and the New Zealand Government Protective Security Requirements. However, looking internationally, we can learn from a number of the new security standards.

Given the level of change in both the cyber security threat landscape and standards, HISO would like to canvass opinion what a next generation cyber security framework should look like.


  • Health sector


  • Health information standards