Security standards
Standards for managing the security of health information
Pātiki and Waharua Kōpito patterns
HISO 10029:2022 Health Information Security Framework (HISF)
The HISF is designed to support health sector organisations and practitioners to manage the security of personally identifiable health information. It has been published in multiple parts, each addressing the security requirements for the different segments identified, i.e., hospitals, micro to small organisations, medium to large organisations and suppliers. The first part of the framework defines the overall security framework in terms of obligations, segmentation, requirements and guidance.
Segments
HISO 10029.1:2023 Health Information Security Framework Guidance for Hospitals
HISO 10029.1:2023 Health Information Security Framework Guidance for Hospitals
HISO 10029.1:2023 Health Information Security Framework Guidance for Hospitals provides details on the requirements and relevant guidance supporting the core framework document.
HISO 10029.2:2023 Health Information Security Framework Guidance for Micro to Small Organisations
HISO 10029.2:2023 Health Information Security Framework Guidance for Micro to Small Organisations
HISO 10029.2:2023 Health Information Security Framework Guidance for Micro to Small Organisations provides details on the requirements and relevant guidance supporting the core framework document.
HISO 10029.3:2023 Health Information Security Framework Guidance for Medium to Large Organisations
HISO 10029.3:2023 Health Information Security Framework Guidance for Medium to Large Organisations
HISO 10029.3:2023 Health Information Security Framework Guidance for Medium to Large Organisation provides details on the requirements and relevant guidance supporting the core framework document.
HISO 10029.4:2025 Health Information Security Framework Guidance for Suppliers
HISO 10029.4:2025 Health Information Security Framework Guidance for Suppliers
HISO 10029.4:2025 Health Information Security Framework Guidance for Suppliers provides details on the requirements and relevant guidance for suppliers supporting the core framework document.
Additional resources such as a 'helper' document and a summary of the updates included in the 2025 release are also available at the link below.
Additional Information
Additional information can be found on the Cyber Hub. The hub is the cyber security information centre for organisations delivering or supporting healthcare in Aotearoa.
Contact us
We welcome your feedback on these standards. Email us at standards@tewhat.govt.nz