HISO 10029:2022 Health Information Security Framework (HISF)

The HISF is designed to support health sector organisations and practitioners to manage the security of personally identifiable health information. It has been published in multiple parts, each addressing the security requirements for the different segments identified, i.e., hospitals, micro to small organisations, medium to large organisations and suppliers. The first part of the framework defines the overall security framework in terms of obligations, segmentation, requirements and guidance.

- Read more

 

Segments

HISO 10029.1:2023 Health Information Security Framework Guidance for Hospitals

HISO 10029.1:2023 Health Information Security Framework Guidance for Hospitals

HISO 10029.1:2023 Health Information Security Framework Guidance for Hospitals provides details on the requirements and relevant guidance supporting the core framework document.

- Read more

HISO 10029.2:2023 Health Information Security Framework Guidance for Micro to Small Organisations

HISO 10029.2:2023 Health Information Security Framework Guidance for Micro to Small Organisations

HISO 10029.2:2023 Health Information Security Framework Guidance for Micro to Small Organisations provides details on the requirements and relevant guidance supporting the core framework document.

- Read more

HISO 10029.3:2023 Health Information Security Framework Guidance for Medium to Large Organisations

HISO 10029.3:2023 Health Information Security Framework Guidance for Medium to Large Organisations

HISO 10029.3:2023 Health Information Security Framework Guidance for Medium to Large Organisation provides details on the requirements and relevant guidance supporting the core framework document.

- Read more

HISO 10029.4:2025 Health Information Security Framework Guidance for Suppliers

HISO 10029.4:2025 Health Information Security Framework Guidance for Suppliers

HISO 10029.4:2025 Health Information Security Framework Guidance for Suppliers provides details on the requirements and relevant guidance for suppliers supporting the core framework document.

Additional resources such as a 'helper' document and a summary of the updates included in the 2025 release are also available at the link below.

- Read more (external link)

Additional Information

Additional information can be found on the Cyber Hub. The hub is the cyber security information centre for organisations delivering or supporting healthcare in Aotearoa.

Contact us

We welcome your feedback on these standards. Email us at standards@tewhat.govt.nz