Health Ministry details digital requirements

Ministry releases 'Digital, data and technology services – minimum requirements'

The government has issued a set of minimum requirements for health organisations’ digital, data and technology services.

The Digital, data and technology services – minimum requirements, released by the Ministry of Health, fall into four broad categories: general, security, data, and commercial.

They standards require all new digital services and the data they collect and hold to be conformant, and in some cases compliant, with government-published HISO standards, roadmaps and architecture guidelines.

The requirements also specify that organisations must govern the data they hold in line with data protection and use, privacy, social license and Māori data sovereignty guidelines.

The deputy director-general data and digital, Shayne Hunter,  said the requirements signalled a move to a more open approach where digital services are cloud-based and continually evolve and share data with other services – rather than being confined to a single organisation. Hunter said the requirements would be updated annually.

"An open approach, which is the general trend in many government related sectors, encourages collaboration, reduces duplication and helps maximise existing resources,” he said.

"The requirements reflect the important role of standards and includes those that are already published and promoted – such as HISO standards and the Health Information Security Framework - alongside new requirements.”

Mandatory standards coming

The New Zealand Health IT Cluster (NZHIT), the peak body for the New Zealand digital health industry sector, has released an advisory for its members in which it cautions that some standards will become mandatory, and therefore there is an important distinction between use of  “conformance” and “compliance” in the ministry’s requirements.

“[Conformance] describes the need to demonstrate that the outcomes of a certain standard are being met even if the standard itself may not be partially or fully followed (eg a different standard may be in use that achieves or exceeds the required outcomes). [Compliance] prescribes the adherence to a certain standard and requires that a particular standard is adopted in order to achieve specified outcomes.”

NZHIT said it had provided input into the requirements and supported the leadership they would provide. “Whilst it is not an exhaustive list of requirements the notice sets out what should be considered as minimum levels of practice,” NZHIT said.

“Nonetheless, it is an important notice as it establishes a baseline of minimum expectations on common requirements to be met by all digital services.”

NZHIT said the notice addressed a number of concerns its members had raised previously in relation to inconsistencies across the country and the need for increased direction for the application of standards, data governance, security, replication, cloud delivery, interoperability and other related areas.

“For all of this to be sustainable and support the ongoing delivery of healthcare services (now and into the future) it is important for the sector to recognise the commitment that goes into achieving the level of required standards and minimum requirements for digital, data and technology services.”

It called for organisations funding digital health solutions to have commercially sound agreements in place “that take the full life-cycle of the digital solution into account, and only [contract] with those who demonstrate they have made the commitment to these requirements.”

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

More about

Show Comments
[]