AI Healthcare Data and NZ Patient Privacy
Using AI on patient data in NZ? The Privacy Act 2020 and Information Privacy Principles create real obligations. Here is what to check first.
Why AI on patient data is suddenly on your desk
If you run a clinic, pharmacy, physio practice, or telehealth service in New Zealand, the chances are high that one of your team has already trialled an AI tool on real patient notes. Maybe it was a free browser extension that summarised a consultation. Maybe it was a slick demo of an AI scribe at a conference. Maybe a locum showed up with a phone app recording the consult and producing a SOAP note before they walked out the door.
We are seeing this across our network in 2026. The tools are genuinely useful. They are also creating a privacy exposure that most practice owners have not worked through yet. The risk is not that AI is bad. The risk is that the data leaves the country, lands on a server you do not control, and is then used in ways your patients never agreed to.
This article walks through the specific rules that apply to you in New Zealand, the questions to put to any vendor, and the rough cost of getting this done properly.
What the NZ Privacy Act 2020 actually says about health information
The starting point is the Privacy Act 2020, which sets out 13 Information Privacy Principles (IPPs) covering how you collect, store, use, disclose, and dispose of personal information. Health information gets extra protection under the Health Information Privacy Code 2020, which sits alongside the Act and has its own rules covering things like the use of health identifiers and the duty to protect health information from misuse.
Three principles matter most for AI tools:
IPP5 says you must keep personal information secure by reasonable safeguards, and you must take steps to protect it from loss, unauthorised access, use, modification, or disclosure. Uploading a patient’s consultation audio to a tool whose servers you cannot locate, and whose access controls you cannot audit, is hard to square with this.
IPP10 says you can only use personal information for the purpose it was collected. If a patient gives you their history so you can treat them, and that history then gets fed into a model training pipeline, that is a different purpose. You need either consent or a clear lawful basis.
IPP11 restricts disclosure. You can only disclose personal information in limited circumstances, and disclosure to a service provider does not automatically count.
There is also a layer above this. The Health Information Standards Organisation (HISO) publishes standards that many NZ District Health Boards, and now Te Whatu Ora, expect providers to follow. If you are a contractor or referrer into the public system, you will be asked about your information security posture. The Ministry of Health’s Manatū Hauora Hira programme set out additional expectations for data exchange that any modern AI tool handling patient data should be measured against.
I am laying this out at this length because the conversation we keep having with clinic owners is “but we read the vendor’s privacy policy and it said they were compliant.” Compliance is not what the vendor says. It is what you can demonstrate you have done, with documents.
PP12 is the rule most AI vendors will trip on
Information Privacy Principle 12 is the one that catches most people out. It governs the disclosure of personal information outside New Zealand. The principle says that if you disclose personal information to a person, agency, or organisation outside New Zealand, you must take reasonable steps to ensure the recipient is subject to obligations that are comparable to the IPPs. In practice, comparable means privacy protections that are substantively similar.
This matters because the bulk of the AI scribe and clinical AI market is offshore. The well-known names are headquartered in the United States. Some of them have regional data centres in Australia or Singapore. Almost none of them have data centres in New Zealand.
A few questions follow from that. Does the vendor’s contract give you the right to enforce the privacy terms they promise? Will they tell you about a breach within a timeframe that lets you notify the Privacy Commissioner and your affected patients? Can you get the data back, or have it deleted, when you leave? Can a New Zealand patient enforce their rights against the offshore entity, or only against you?
If the answer to any of those is unclear, you have an IPP12 problem.
We typically see three responses from vendors when this is raised. The honest ones will say yes, we have regional data residency, and here are the contractual commitments we make. The careful ones will offer an enterprise data processing addendum that includes NZ-specific clauses. The third group will say their standard terms cover it and push back. That third group is where the risk lives.
Where patient audio and notes actually go
A useful exercise is to map the data flow before you sign anything. Take a typical AI scribe workflow in a general practice. The clinician and patient speak. Audio is captured on a phone, tablet, or in-room microphone. The audio is sent over the internet to a transcription service, usually in the US. The transcript is then sent to a large language model, also in the US, which produces a clinical note. The note is sent back to your practice management system, which might be MyPractice, Indici, Medtech, or Best Practice, and the audio is often retained by the vendor for model training unless you opt out.
Every one of those hops is a potential disclosure. Each vendor in the chain is a place where the data could be subpoenaed, breached, or reused. The fact that each vendor has a privacy policy does not change the fact that the data has been disclosed outside New Zealand at multiple points.
For Australian practices in our network the analysis is similar but the statute is the Privacy Act 1988, the Australian Privacy Principles in Schedule 1, and the My Health Records Act if you connect to that system. AHPRA’s code of conduct for registered health practitioners requires you to protect patient confidentiality, and using an AI tool that you have not vetted can breach that duty. The Office of the Australian Information Commissioner has been active on cross-border data flows, and APRA’s CPS 234 on information security is relevant if you are part of a private health insurer group. ASIC’s RG 265 on information security for AFSLs is in the same family of obligations. Verify the exact applicability with your lawyer or compliance advisor, because the rules diverge in the details.
The local-first options worth a closer look
There is a small but growing group of AI tools with a real New Zealand or Australasian presence. Heidi Health, founded in Melbourne and now used by thousands of clinicians across the ditch, is the most prominent. It operates with regional data residency in Australia and has been working through an NZ-specific posture. The starting price for a single clinician is in the rough range of $50 to $100 NZD per month, with practice-wide pricing dropping as you add seats. There are other tools coming through from NZ-based founders that we are tracking, and a couple of local managed service providers that wrap a private LLM around an AI scribe so the data stays onshore.
A common pattern we see with cautious practice owners is to deploy an AI scribe inside a private environment. That means using a model running on a local server, or on a cloud region you control, and routing only the minimum data needed. It is more expensive, and you give up some of the polished out-of-the-box experience, but you do remove most of the offshore disclosure question.
What to ask any AI vendor before you sign
Here is the shortlist we run through with clients. Take it into your next vendor call.
Where does the data live at rest, and where does it transit through. Get a specific country and, ideally, a specific region. “Globally distributed” is not an answer. Can you nominate a region, and what is the cost of doing so. Is the data encrypted at rest and in transit, and who holds the keys. Is the data used to train shared models, and can you opt out without losing core features. What is the breach notification commitment in hours, and does it align with the Privacy Commissioner’s expectation of timely notification. Can you get a data processing addendum that references the NZ Privacy Act 2020 and the Health Information Privacy Code 2020, not just generic GDPR language. Can you audit the vendor, or do they have a recent third-party certification you can rely on. What happens to the data on termination, and how quickly.
If a vendor cannot answer these in writing, treat the gap as a finding in itself.
The DPIA you should be doing anyway
A Data Protection Impact Assessment is a structured way to think through a new project involving personal data. It is not a form. It is a document that records what data you are using, why, who you are sharing it with, what could go wrong, and what you are doing to mitigate that.
For a small clinic in Auckland or Hamilton, a focused DPIA on an AI scribe might take a privacy consultant two to four days. In the current market, that is roughly $2,500 to $6,000 NZD, with the upper end reflecting more complex multi-site practices. For a hospital-affiliated specialist or a private hospital, the work expands and the range goes higher.
The output is a document you can show the Privacy Commissioner, your insurer, your professional college, and your patients. If something does go wrong, a DPIA is the difference between “we considered the risks” and “we did not think about it.” It is also the entry point for an informed conversation with your insurer about cyber cover, because most NZ cyber policies now ask for one.
What a compliant rollout costs in 2026
A rough budget for a small to mid-sized practice getting this done properly looks like this. Privacy legal review of the vendor contract, $1,500 to $4,000 NZD. A focused DPIA, $2,500 to $6,000 NZD. Staff training and updated policies, $1,000 to $2,500 NZD depending on whether you do it yourself or use a trainer. The AI tool subscription itself, $50 to $150 NZD per clinician per month for the better local-first tools, more if you go for a managed private deployment. Annual privacy compliance review, $1,500 to $5,000 NZD.
For a practice with eight clinicians doing the full sweep, the one-off cost lands in the $8,000 to $18,000 NZD range, plus the ongoing subscription. That is real money. It is also a fraction of the cost of a notifiable privacy breach, which can run into six figures once legal, notification, and reputational costs are added.
Common mistakes we see in NZ practices
Three patterns repeat.
The first is the free tool. A clinician signs up with a personal email for a free AI note-taking tool, starts using it on real patients, and the practice ends up with a vendor relationship that has no contract, no DPIA, and an offshore data flow. The exposure sits with the practice, not the clinician.
The second is the all-in-one practice management bundle. A practice management vendor adds an AI feature, and the practice owner ticks the box in the next update without reading the change. We are seeing this with a couple of the larger PMS providers. The change is presented as an improvement. The data flow change is buried in a privacy policy update.
The third is treating AI as a clinical question rather than an information question. The right conversation in a practice is not whether the AI is accurate. The right conversation is where the data goes.
What good looks like for a small clinic
A small Auckland general practice in our network went through this exercise in the past six months. The lead clinician had been trialling an offshore AI scribe and liked the speed of the notes. The practice manager raised the privacy question, and a brief DPIA was commissioned. The result was a switch to a local-first alternative, a written policy on AI use, a one-page patient notice on the website, and a clause added to the locum contract requiring any AI tools to be pre-approved. The cost was modest. The change in posture with the insurer, the professional college, and the patients was significant.
A Sydney dental group I spoke with recently took a different path. They built a private environment with a small language model on a server in the practice, used it to draft notes from transcripts, and kept the audio entirely on-site. Slower, more work, but the principal told me he sleeps better. The trade-off was worth it for them.
Neither of these is the only right answer. The point is that there is a deliberate process, and that the process is the protection.
Where to from here
If you are running a health or wellness business in New Zealand and you are either rolling out AI or being asked about it by your team, the move this week is to map your current data flows. Write down every AI tool that touches patient data in your practice. Note the vendor, the country the data is held in, and the contract status. If any of those answers is “I do not know,” that is your first project.
From there, decide whether you want to engage a privacy lawyer for a vendor review, run a DPIA, or both. Get the contract terms in writing. Update your patient enrolment form and your privacy notice. Train the team. Document what you did.
The privacy rules in New Zealand are not the enemy of good AI use. They are the scaffolding that lets you use AI confidently without exposing your patients or your practice. Done well, they become a competitive advantage, because the practice down the road has not done this work and is one breach away from a story on the evening news.
Enterprise DNA works with NZ and AU businesses on this challenge. Book a 60-min Omni Audit — https://calendly.com/sam-mckay/discovery-call?utm_source=edna-landing&utm_medium=blog&utm_campaign=nzau