National Immunisation Solution privacy statement

As part of the operation of our new National Immunisation System, we will be collecting some of your personal information. Find out what we record, where it's kept, who can access it and more.

On this page:

Information about your immunisation/s will be recorded in our National Immunisation System (NIS). The NIS is used to help control the spread of infectious diseases by providing information about immunisation coverage across the population, and to keep a record of the immunisations you have received or choose not to receive.

Information about your immunisations will be kept up-to-date, even if you change your doctor or go to a health service provider in another part of the country.

What we record in the NIS

The following details will be recorded:

  • your name, date of birth, and health number (National Health Index or NHI)
  • your address and contact details
  • details about the vaccination/s you receive
  • any reactions you have to the vaccination/s
  • confirmation of consent to the vaccination/s.

Providing your information

By law, all health services are required to keep complete and accurate records. To receive a vaccination, we need to collect your information and record it on the NIS, as it is the clinical record of your immunisation treatment. This means there is no ability to opt out of your vaccine information being recorded.

Accessing and correcting your information

You can request confirmation of your personal information, and your vaccination records, as held in the NIS by making a request through the National Immunisation Register. This can be done either through your health professional or by contacting your local DHB and asking for the National Immunisation Register. To find the contact details for your local DHB, go to DHB websites.

If you wish to correct your contact information, please email [email protected]

Who can access the information on the NIS

Only those people with a role in managing a vaccination programme and related administration can see, add or change the information held in the NIS. Access to the NIS is limited to those with logon access rights, and all access is recorded and can be audited.

These people may include those involved in administering the vaccine (such as Vaccinators and administration staff and health professionals who work with you, such as your family doctor, nurse or midwife, and community and private healthcare providers. Everyone who accesses the NIS is trained to keep the information safe.

After your information is collected

The information collected as part of the NIS may be used for:

  • managing your health
  • keeping you and others safe
  • planning and funding health services
  • carrying out authorised research
  • training health care professionals
  • preparing and publishing statistics
  • improving government services
  • enabling broader health and social support services

Some information, such as information about reactions to a particular vaccine, will be shared with other organisations who provide health services.

Information may also be shared with iwi and other Māori providers in line with the Ministry’s obligations to honour Te Tiriti o Waitangi through the provision of data sharing. The purpose of this data sharing is to enable iwi, hapu and whanau to self-determine their own governance of data, including its use to actively protect communities by ensuring equal opportunity, access, and support for immunisations. This data sharing may be at an aggregated or individual level, but will at all times be in accordance with the privacy requirements set out in the Privacy Act 2020 and Health Information Privacy Code 2020.

Information may also be used for statistical analysis and research purposes, in line with usual Ministry of Health processes and when permitted by the Privacy Act 2020 and Health Information Privacy Code 2020.

If we need to use the NIS information for other purposes, we will have this reviewed by the Chief Privacy Officer at the Ministry of Health and discuss it with the Office of the Privacy Commissioner to make sure your privacy interests are fully considered.

Storing your information

The NIS operates on a Salesforce platform, which is hosted on Amazon Web Services servers in Sydney, Australia. Access to the data remains limited to those with logon access rights, and all access is recorded and can be audited.

How long your information is kept

The information will be held in compliance with our standards. It will be kept for a minimum period of 10 years from the date of your last interaction with the NIS, and longer as clinically determined to be appropriate (in case future medical care providers wish to refer back to these records about you).

NIS Privacy Impact Assessments

Contact us

If you have questions about your privacy, get in touch with:

Email [email protected]

Back to top