The application of automation techniques (commonly referred to as Artificial Intelligence or “AI”) to manage, communicate and organise health information has very quickly generated higher efficiencies of service and cost savings in the health sector.  

But for any organisation that uses AI to provide digital services for health data, NZ’s Privacy obligations must be met.  

The provisions of the Privacy Act 1993 (Privacy Act) and the Health Information Privacy Code 1994 (HIP Code) manage and control the collection, storage, use and disclosure of personal information and health information. The Information Privacy Principles set out in the Privacy Act apply to “personal information” generally (which can include health information), while the Rules under the HIP Code apply specifically to “health agencies” and protect all “health information” relating to an identifiable individual.  These privacy requirements are technology agnostic – so whether the personal/health information is collected by pen and paper or via the use of AI, the Privacy Principles and HIP Code Rules will apply.    

In addition, the Privacy Act and the HIP Code apply to any business that deals in health data, not just health agencies and health service providers. For example, an on-demand cloud platform solutions provider that stores, organises and manages health data using AI would be considered an ‘agency’, and would have obligations, under the Privacy Act. As an agency providing services in respect of health information, this provider is likely to also be a ‘health agency’ for the purposes of the HIP Code.  

If you use AI for the management of health data, or you deal in health data generally, and you’d like to discuss this topic further, please contact us.  

‍