Kiwi start-up secures international standard for information security management

SECTOR UPDATE - mA.I Health

Kiwi start-up mA.I Health has secured ISO/IEC 27001:2022 certification, confirming its systems for managing and protecting sensitive health information meet rigorous international standards. 

The certification, awarded following an independent audit and registered on 20 May 2026, provides added assurance for families and healthcare partners relying on secure, patient-controlled access to health data. 

For individuals and families, health data is deeply personal, and protecting it is essential. mA.I Health recognises the responsibility that comes with this and has built its platform around strong, internationally aligned safeguards to keep information secure and within users’ control.

For people managing complex, lifelong or multi-provider healthcare, keeping track of health information can be a significant burden. 

Health records often sit across different clinics, hospitals, providers and even countries, leaving individuals and families to piece together the information needed to support informed and timely care. 

mA.I Health addresses this challenge by bringing health information together in one secure, patient-controlled platform, making it easier to organise, access and share records when and where they are needed most.

The company's commitment to protecting that information has now been recognised through ISO/IEC 27001:2022 certification. 

Following an independent audit by ARS Assessment Private Limited, the certification confirms that mA.I Health meets rigorous international standards for information security management. 

Registered on 20 May 2026, it covers the design, development and operation of the mA.I Health platform for the management, storage, sharing and retrieval of health-related information.

Arlene Goodwin, co-founder of mA.I Health, says the certification provides external assurance that security has been built into how the organisation operates.

“People using mA.I Health are trusting us with deeply personal information. That trust must be earned through disciplined systems and clear accountability,” says Goodwin. 

“This certification gives families, healthcare partners, and other stakeholders greater confidence that the protections around their information have been carefully designed, assessed and maintained.”

Its security framework combines several layers of protection. mA.I Health complies with New Zealand’s Privacy Act 2020 and Health Information Privacy Code 2020, while its architecture is designed to meet  the requirements of US health legislation (HIPAA) and the EU’s data security law (GDPR).

Its in-app AI search also operates within mA.I Health’s secure environment, meaning users’ health information is not sent to external AI models or used to train them.

Goodwin says this is particularly important as more health services adopt digital and AI enabled tools.

“AI can make it easier for people to find relevant information within a large medical history, but that usefulness cannot come at the expense of privacy,” she says.

“Security risks evolve, and our controls need to evolve with them. This gives us a clear, independently assessed framework for continuing that work as the platform grows and as we engage with families, healthcare organisations and partners in New Zealand and overseas.”

What sets mA.I Health apart

Unlike traditional patient portals or provider-specific apps, mA.I Health is provider-agnostic, globally accessible and centred around the individual. Key features include:

• Universal record keeping – across all providers and regions, locally and globally
  
• Secure sharing and collaboration – supports coordinated care amongst carers and family to optimise better health outcomes 
  
• Family accounts – for children, spouses, and parents – all managed from one device
  
• Private access only – only you or authorised individuals can view or transmit data 
  
• Strong privacy protections – your data is encrypted and safeguarded under local and internationally recognised health and data privacy standards 
  
• Private AI overlay – retrieve relevant data instantly, and in the future will translate medical info when traveling
  
• Personalised health summaries – alerts clinicians to critical history and contraindications
  
• Total user control – you own your data, not institutions
  
• No data mining – your information is never sold or used by big tech or corporates
  

For more information about mA.I Health and its approach to health information security, visit https://maihealthapp.co.nz/news/your-health-deserves-privacy-you-can-trust

Source: mA.I Health

Sector updates are provided by organisations to eHealthNews.nz and have not necessarily been edited or checked for accuracy. Any queries should be directed to the organisation issuing the release.

Do you have an item to add to sector updates?

Email your information to us at updates@hinz.org.nz

Return to eHealthNews.nz home page