Our website uses cookies to give you the best experience and for us to analyse our site usage. If you continue to use our site, we will take it you are OK about this. Click on More for information about the cookies on our site and what you can do to opt out.

We respect your Do Not Track preference.

Privacy Act & codes

This code sets specific rules for agencies in the health sector. It covers health information collected, used, held and disclosed by health agencies and takes the place of the information privacy principles for the health sector.

Who the code applies to

The Health Information Privacy Code applies to the health information about identifiable individuals and applies to:

  • all agencies providing personal or public health or disability services such as primary health organisations, district health boards, rest homes, supported accommodation, doctors, nurses, dentists, pharmacists and optometrists; and

  • some agencies that do not provide health services to individuals but which are part of the health sector such as ACC, the Ministry of Health, the Health Research Council, health insurers and professional disciplinary bodies.

Rules of the Health Information Privacy Code

The Health Information Privacy Code has twelve rules:

  • Rule 1, Rule 2, Rule 3 and Rule 4 govern the collection of health information. This includes the reasons why health information may be collected, where it may be collected from, and how it is collected.
  • Rule 5 governs the way health information is stored. It is designed to protect health information from unauthorised use or disclosure.
  • Rule 6 gives individuals the right to access their health information.
  • Rule 7 gives individuals the right to correct their health information.
  • Rule 8, Rule 9, Rule 10 and Rule 11 place restrictions on how people and organisations can use or disclose health information. These include ensuring information is accurate and up-to-date, and that it isn't improperly disclosed.
  • Rule 12 governs how "unique identifiers" - such as IRD numbers, bank client numbers, driver's licence and passport numbers - can be used.

Download a quick tour of the Health Information Privacy Code rules.

Read the code

See the consolidated version of the Health Information Privacy Code 1994 incorporating amendments 2-9. View the previous amendments.

Find out more

Check out our Health Privacy Toolkit for more information.