Healthcare AI Governance

Artificial intelligence in healthcare needs governance that protects patients and practitioners

Healthcare AI is different. Patient safety, practitioner liability, health information privacy, and hauora Māori health equity create governance challenges that no generic framework can address. Our team helps New Zealand healthcare organisations navigate the Health Information Privacy Code 2020, Medsafe requirements, Privacy Act 2020 compliance, and clinical governance obligations specific to Aotearoa, protecting both patients and practitioners.

Research from Waitematā Healthcare published in Nature Digital Medicine found that international governance frameworks are inappropriate for Aotearoa New Zealand's healthcare context. Organisations need governance that is context-specific, population-appropriate, and grounded in the regulatory and cultural realities of delivering care in this country.

The challenge for New Zealand healthcare organisations

Healthcare artificial intelligence adoption is accelerating across Aotearoa New Zealand, from Te Whatu Ora to private hospitals and primary care. But governance has not kept pace with the technology, the regulatory requirements, or the cultural obligations that make healthcare in this country unique.

Is our AI software a regulated medical device?

Medsafe regulates software as a medical device under New Zealand law, but classification is not always straightforward. Clinical decision support tools, AI scribes with diagnostic features, and predictive analytics may all require registration depending on their intended use. Getting classification wrong creates serious legal exposure for healthcare organisations and the practitioners who rely on these tools.

What are practitioners' obligations when using AI?

Practitioners remain personally responsible for AI used in their clinical practice. That includes checking scribe accuracy against their clinical judgement, understanding bias risks that affect different patient populations, and ensuring proper informed consent under the Code of Health and Disability Services Consumers' Rights. Many clinicians across New Zealand are using these tools without understanding the governance and liability obligations that attach to their use.

How do we protect patient data in AI systems?

Health information receives extra protection under the Health Information Privacy Code 2020, which operates alongside the Privacy Act 2020's 13 Information Privacy Principles. AI scribes process consultation recordings. Models may be trained on patient data. Where does the data go? Who can access it? How long is it retained? What happens to the data if the AI vendor is acquired or goes out of business? Most healthcare organisations cannot answer these questions confidently.

Hauora Māori and health equity in AI governance

Healthcare AI governance in Aotearoa New Zealand cannot be separated from the imperative to improve hauora Māori health outcomes and address the persistent health inequities experienced by Māori communities. AI systems deployed without cultural governance risk perpetuating or deepening these disparities through biased algorithms, unrepresentative training data, or decision-making processes that do not account for the social determinants of health that disproportionately affect Māori whānau.

Te Tiriti o Waitangi creates obligations for the health system to actively protect Māori health and wellbeing. When healthcare organisations deploy AI, these Treaty obligations extend to the governance of those systems. This means ensuring Māori health data is governed according to Māori data sovereignty principles, that algorithms are tested for bias against Māori populations specifically, that clinical AI tools are validated for effectiveness across diverse New Zealand populations, and that Māori communities have meaningful input into how AI is used in the delivery of their healthcare.

Our team helps healthcare organisations build AI governance that centres hauora Māori and health equity alongside clinical safety, privacy compliance, and regulatory requirements. This is not a separate workstream but an integral dimension of responsible healthcare AI governance in Aotearoa New Zealand.

Healthcare AI has multiple regulatory requirements

No single framework covers healthcare AI in New Zealand. Organisations must navigate Medsafe, the Health Information Privacy Code 2020, the Privacy Act 2020, the Code of Health and Disability Services Consumers' Rights, and Treaty of Waitangi obligations simultaneously. Our consultants help you address all of these requirements through integrated governance.

Medsafe

Medical device regulation

  • Software as a Medical Device (SaMD) classification under New Zealand regulations
  • Clinical decision support tools may require formal registration and ongoing monitoring
  • AI scribes with diagnostic or recommendation features under regulatory review

Health Information Privacy Code 2020

Enhanced privacy protection for health data

  • Stricter requirements than the Privacy Act for health information processing
  • Additional informed consent requirements when AI processes patient data
  • Cross-border transfer restrictions for overseas AI vendors processing health data

Privacy Act 2020

Baseline privacy requirements

  • All 13 Information Privacy Principles apply to health data processing by AI
  • Automated decision-making transparency required under the Privacy Commissioner's guidance
  • Individual rights to access, correct, and understand how their information is used

Clinical Governance and Treaty Obligations

Patient safety and cultural safety

  • Clinical validation of AI diagnostic and decision support tools for NZ populations
  • Hauora Māori health equity assessment and algorithmic bias monitoring
  • Practitioner competency, incident reporting, and quality monitoring for AI systems

Where healthcare organisations in New Zealand use AI

Each use case has different risk profiles, regulatory requirements, and governance needs. Our team helps you develop tailored approaches for each category of AI deployment.

Clinical Decision Support

AI tools that assist diagnosis, treatment planning, or clinical decision-making. May require Medsafe registration depending on intended use and the degree to which the tool influences clinical outcomes.

AI Medical Scribes

Consultation recording and clinical note generation. Raises Health Information Privacy Code 2020 consent questions, data residency concerns, and practitioner verification obligations under New Zealand clinical standards.

Medical Imaging AI

Radiology interpretation, pathology analysis, and diagnostic imaging. Requires clinical validation for New Zealand populations, quality monitoring, and ongoing assessment of accuracy across diverse patient groups.

Predictive Analytics

Patient risk stratification, readmission prediction, and resource planning. Needs bias monitoring for hauora Māori equity, clinical oversight, and validation of predictive accuracy for New Zealand populations.

Why international AI frameworks fail in New Zealand healthcare

Research published in Nature Digital Medicine from Waitematā Healthcare found that internationally developed AI governance models are inappropriate for Aotearoa New Zealand's healthcare context. The study identified several critical gaps: international frameworks do not account for Te Tiriti o Waitangi obligations, they lack provisions for the cultural safety of Māori and Pacific patients, and they do not address the specific regulatory environment created by the Health Information Privacy Code 2020 and the Code of Health and Disability Services Consumers' Rights.

Healthcare organisations in New Zealand need context-specific and population-appropriate governance that addresses questions international frameworks never ask: What happens to patient data if the AI vendor is sold or acquired? Who bears responsibility for ongoing monitoring and audit of clinical AI accuracy? How are conflicts of interest managed when the same organisation develops, deploys, and evaluates AI tools? What specific provisions exist for intellectual property sharing and commercialisation of AI insights derived from patient data? Our consultants help organisations address these challenges with governance designed for the Aotearoa New Zealand healthcare system.

How we help healthcare organisations

Tailored AI governance services for New Zealand healthcare organisations, from Te Whatu Ora through to private practices and healthtech businesses.

Regulatory Compliance Assessment

We assess your AI systems against Medsafe medical device requirements, Health Information Privacy Code 2020, Privacy Act 2020, and the Code of Health and Disability Services Consumers' Rights. Our team identifies compliance gaps and provides practical remediation strategies that address all overlapping regulatory obligations, including Treaty of Waitangi requirements for hauora Māori equity in AI deployment.

Clinical Governance Frameworks

We develop clinical governance frameworks for AI that integrate with your existing quality and safety processes. This includes practitioner training on AI obligations, clinical validation protocols for New Zealand populations, incident response procedures, accountability frameworks for AI failures, and monitoring systems that track bias, accuracy, and equity outcomes over time.

Privacy Impact Assessments

We conduct Privacy Impact Assessments for AI systems processing health information, ensuring compliance with the Health Information Privacy Code 2020 and the Privacy Act 2020's 13 Information Privacy Principles. We document your privacy safeguards and create evidence of compliance that satisfies the Privacy Commissioner and supports clinical governance requirements.

Frequently asked questions

Does our AI medical scribe require Medsafe registration?

It depends on the intended use. If the scribe only documents what the practitioner says and generates clinical notes for review, it is likely not classified as a medical device. If it provides diagnostic suggestions, clinical recommendations, or alerts based on the consultation content, it may require Medsafe registration as a Software as a Medical Device. Our consultants help you assess classification and determine your regulatory obligations under New Zealand law.

What are practitioners' governance obligations when using AI?

Practitioners remain responsible for the accuracy of clinical notes and decisions generated or informed by AI. Under the Code of Health and Disability Services Consumers' Rights, they must review and verify AI-generated content, understand the tool's limitations, obtain appropriate informed consent from patients, and ensure Health Information Privacy Code 2020 compliance. Healthcare organisations have a responsibility to train practitioners on these obligations and establish clinical governance processes that support safe AI use.

Can we use overseas AI vendors for health data processing?

The Health Information Privacy Code 2020 restricts the overseas transfer of health information. You need to assess whether the overseas AI vendor has privacy safeguards comparable to those required under New Zealand law, and document your assessment thoroughly. The Privacy Commissioner expects organisations to understand precisely where health data goes and what protections are in place. Our team helps you evaluate AI vendors and implement appropriate contractual and technical protections for cross-border health data flows.

How do we handle patient consent for AI processing?

The Health Information Privacy Code 2020 requires informed consent for health information processing. Patients need to understand that AI will be used, what it does, where their data goes, and how it is protected. The Code of Health and Disability Services Consumers' Rights reinforces the right to be fully informed. We help healthcare organisations develop consent processes and patient information materials that meet legal requirements and build patient trust in how AI is used in their care.

How does hauora Māori health equity factor into AI governance?

Te Tiriti o Waitangi obliges the health system to actively protect Māori health and address health inequities. When AI is deployed in healthcare, these obligations extend to the governance of those systems. This means testing algorithms for bias against Māori populations, ensuring clinical AI tools are validated for Māori patients, incorporating Māori data sovereignty principles through kaitiakitanga and mana, and engaging with Māori communities about how AI affects their healthcare. Our approach integrates hauora Māori equity assessment into every aspect of healthcare AI governance.

Ready to build governance for your healthcare AI?

Schedule a consultation with our team to discuss your healthcare AI governance requirements and how we can help you navigate Medsafe, the Health Information Privacy Code 2020, clinical governance obligations, and hauora Māori health equity in Aotearoa New Zealand.