Protecting precious health data: Kiwi start-up secures international standard for information security management
ISO/IEC 27001:2022 certification provides assurance for families managing sensitive health information
Kiwi start-up mA.I Health™ has secured ISO/IEC 27001:2022 certification, confirming its systems for managing and protecting sensitive health information meet rigorous international standards.
The certification, awarded following an independent audit and registered on 20 May 2026, provides added assurance for families and healthcare partners relying on secure, patient-controlled access to health data.
For individuals and families, health data is deeply personal, and protecting it is essential. mA.I Health™ recognises the responsibility that comes with this and has built its platform around strong, internationally aligned safeguards to keep information secure and within users’ control.
For people managing complex, lifelong or multi-provider healthcare, keeping track of health information can be a significant burden.
Health records often sit across different clinics, hospitals, providers and even countries, leaving individuals and families to piece together the information needed to support informed and timely care.
mA.I Health™ addresses this challenge by bringing health information together in one secure, patient-controlled platform, making it easier to organise, access and share records when and where they are needed most.
The company's commitment to protecting that information has now been recognised through ISO/IEC 27001:2022 certification.
Following an independent audit by ARS Assessment Private Limited, the certification confirms that mA.I Health™ meets rigorous international standards for information security management.
Registered on 20 May 2026, it covers the design, development and operation of the mA.I Health™ platform for the management, storage, sharing and retrieval of health-related information.
Arlene Goodwin, co-founder of mA.I Health™, says the certification provides external assurance that security has been built into how the organisation operates.
“People using mA.I Health™ are trusting us with deeply personal information. That trust must be earned through disciplined systems and clear accountability,” says Goodwin.
“This certification gives families, healthcare partners, and other stakeholders greater confidence that the protections around their information have been carefully designed, assessed and maintained.”
Its security framework combines several layers of protection. mA.I Health™ complies with New Zealand’s Privacy Act 2020 and Health Information Privacy Code 2020, while its architecture is designed to meet the requirements of US health legislation (HIPAA) and the EU’s data security law (GDPR).
Its in-app AI search also operates within mA.I Health™’s secure environment, meaning users’ health information is not sent to external AI models or used to train them.
Goodwin says this is particularly important as more health services adopt digital and AI enabled tools.
“AI can make it easier for people to find relevant information within a large medical history, but that usefulness cannot come at the expense of privacy,” she says.
“Security risks evolve, and our controls need to evolve with them. This gives us a clear, independently assessed framework for continuing that work as the platform grows and as we engage with families, healthcare organisations and partners in New Zealand and overseas.”
What sets mA.I Health™ apart
Unlike traditional patient portals or provider-specific apps, mA.I Health™ is provider-agnostic, globally accessible and centred around the individual. Key features include:
Universal record keeping – across all providers and regions, locally and globally
Secure sharing and collaboration – supports coordinated care amongst carers and family to optimise better health outcomes
Family accounts – for children, spouses, and parents – all managed from one device
Private accessonly – only you or authorised individuals can view or transmit data
Strong privacy protections – your data is encrypted and safeguarded under local and internationally recognised health and data privacy standards
Private AI overlay – retrieve relevant data instantly, and in the future will translate medical info when traveling
Personalised health summaries – alerts clinicians to critical history and contraindications
Total user control – you own your data, not institutions
No data mining – your information is never sold or used by big tech or corporates