mA.I Health wins ISO security certification for platform

New Zealand health technology start-up mA.I Health has secured ISO/IEC 27001:2022 certification for its platform for managing, storing, sharing and retrieving health information.

The certification followed an independent audit by ARS Assessment Private Limited and was registered on 20 May 2026. It provides external validation of the company's information security management systems at a time when patients and families are increasingly dealing with records spread across multiple providers.

mA.I Health operates a patient-controlled platform designed to bring together health information from clinics, hospitals and other care providers in one place. It is aimed at people managing complex, lifelong or multi-provider care, where records can be fragmented across organisations and sometimes across borders.

Families are often left to assemble the information needed for treatment decisions and day-to-day care. Unlike provider-specific portals, the platform places records under the control of the individual rather than a single hospital or clinic.

Security focus

The certification covers the design, development and operation of the platform, including systems used to manage, store, share and retrieve health-related information.

For digital health companies, ISO/IEC 27001:2022 is widely used as a benchmark for information security processes, governance and risk management. For mA.I Health, the certification is likely to carry weight with healthcare partners and with families deciding whether to store sensitive records in a third-party app.

Arlene Goodwin, Co-Founder of mA.I Health, said the standard reflects how the organisation handles personal information. "People using mA.I Health are trusting us with deeply personal information. That trust must be earned through disciplined systems and clear accountability."

She said the independent assessment would matter to users and partners. "This certification gives families, healthcare partners, and other stakeholders greater confidence that the protections around their information have been carefully designed, assessed and maintained."

Patient control

The platform is designed to give users direct control over who can view or transmit their information. It also offers family accounts intended to help parents, spouses and carers manage records from a single device.

That approach addresses a longstanding issue in healthcare data management. Patients with chronic conditions, or those receiving treatment from several specialists, often need to move records between systems that do not easily connect, creating gaps in access and delays in care coordination.

mA.I Health describes its platform as provider-agnostic and usable across regions. It has also built secure sharing tools to support collaboration between family members and carers involved in treatment and support.

AI and privacy

The company has also highlighted how its in-app artificial intelligence search function is handled. According to mA.I Health, user health information remains within its secure environment and is not sent to external AI models or used to train them.

That distinction comes as healthcare groups and software developers face increased scrutiny over how patient data is handled in AI tools. Concerns about privacy, secondary use of data and compliance with health regulations have become more prominent as AI features spread across consumer and clinical software.

mA.I Health said its wider security framework aligns with New Zealand's Privacy Act 2020 and Health Information Privacy Code 2020. It also said its system architecture is designed to meet requirements under US health law HIPAA and the EU's General Data Protection Regulation.

Goodwin said the growth of digital and AI tools in healthcare makes those safeguards more important. "AI can make it easier for people to find relevant information within a large medical history, but that usefulness cannot come at the expense of privacy."

She said the certification also sets a framework for ongoing work on risk controls. "Security risks evolve, and our controls need to evolve with them. This gives us a clear, independently assessed framework for continuing that work as the platform grows and as we engage with families, healthcare organisations and partners in New Zealand and overseas."