The Manage My Health debacle is redolent of a whole host of failings. Most of these will be technical and are best left to those with technical expertise to explain. Behind the technical failings, however, are the administrative and political failings that made them possible.
For the past forty years this country has preached and practiced the gospel of “light-handed regulation” and despite a tragic series of disasters – Pike River being the costliest in lives; Leaky Homes the costliest in dollars – successive governments have kept the faith. In 2025 the House of Representatives even felt sufficiently motivated to enshrine New Zealand’s official devotion to hands-off state administration in law.
Perhaps it’s time for a slightly heavier hand?
Many New Zealanders will recall the days when in the bottom corner of most products’ packaging consumers would find the little “S” in a circle indicating that it complied with the strict standards laid down by the government-appointed Standards Council.
Passed by the First Labour Government in 1941, the Standards Act was intended to: “promote Standardization in relation to Commodities, Processes, and Practices, and for that Purpose to provide for the Establishment of a Standards Council”.
The Council itself was a model of social-democratic inclusiveness. Among its 25 members sat representatives from the New Zealand Manufacturers’ Federation, Associated Chambers of Commerce of New Zealand, New Zealand Federated Builders’ and Contractors, New Zealand Institute of Architects, New Zealand Institution of Engineers, New Zealand Institute of Chemistry, New Zealand Retailers’ Federation, Federated Farmers of New Zealand, Municipal Association of New Zealand, National Council of Women, Women’s Division of Federated Farmers, New Zealand Women’s Institutes, New Zealand Federation of Labour, Commissioner of Works, Stores Control Board, Post and Telegraph Department, New Zealand Railways, Department of Industries and Commerce, and the Council of Scientific and Industrial Research.
It is easy to imagine Act’s David Seymour collapsing into the ideological equivalent of toxic shock at this list. He would recognise instantly the motivation behind such legislative initiatives and the character of the administrative state they were intended to serve. His own Regulatory Standards Act of 2025 is, historically speaking, Act’s (and the Coalition Government’s) answer to the Standards Act of 1941.
The Standards Act and the bodies it brought into being (which included the NZ Standards Institute) have long since been repealed, repurposed, and ultimately swallowed up by the administrative black hole that is MBIE. In the neoliberal state brought into being by the Fourth Labour Government between 1984 and 1990 the heavy-handed regulation which underpinned the First Labour Government’s tightly managed version of capitalism had no place.
That “S”, the state’s official seal of approval, spoke of the priority it accorded the nation’s collective well-being. It acknowledged not only its own responsibility to ensure that products introduced to the marketplace would not harm their purchasers, but also the responsibilities of those selling products to the public to first secure official verification of their safety and fitness for purpose. The other main purpose of standardisation, according to An Encyclopaedia of New Zealand 1966, was to (brace yourself Mr Seymour!) “reduce needless variety in goods of a like nature, to lower production costs, to increase quality, and to make goods easily interchangeable”.
Behind these stipulations stood a view of capitalism that is anathema to today’s political class. Rather than an unequivocal force for good which has only to be asked to create standardised products and services that are safe and effective for immediate and uncompelled compliance to follow, capitalism is instead recognised as a system propelled overwhelmingly by self-interest which, if allowed to regulate itself, is bound to generate increasingly costly moral and technological failures.
Except the “market”, i.e. the consumers of products and services, do not know what they do not know. They assume that the products and services sold to them – everything from building products, coloured sand for kids to play with, and online personal access to their medical records – will not cause them grief because it is manifestly not in the interests of their suppliers to do so.
This is a wonderful and touchingly naïve pledge of allegiance to classical-liberal economic theory, but it is also a fundamental misreading of the human heart. There is only a little gap between “light-handed” and “light-fingered”.
Looking at the Manage My Health hack from the outside, it seems obvious that the Ministry of Health who contracted out the provision of online access to citizens’ highly confidential personal medical data did so from a profoundly inadequate knowledge base. The expected state oversight of such a sensitive service, most particularly its guarantee of absolute personal privacy, has clearly fallen well short of the public’s expectations.
From the neoliberal ideological perspective, however – an ideology now accepted by senior public servants as well as the politicians they serve – it is neither effective nor efficient for the state to fund, develop and retain the expertise necessary to monitor and/or deliver technological services to its citizens.
In stark contrast to their implicit faith in the propensity of capitalists to behave honestly and honourably, neoliberals assume that all public servants are self-serving aggrandisers dedicated to constructing bureaucratic empires with other people’s money.
In this regard television comedies served as the free-market reformers’ advance-guard. Whether primed by the Machiavellian machinations of Yes Minister’s Sir Humphrey Appleby, or by the bumbling incompetents of Roger Hall’s Gliding On, the public’s perception of public servants had become sufficiently jaundiced by the early 1980s to accommodate the neoliberals’ searing critiques.
But the highly professional and disinterested public service which had overseen and, in many instances, led the extraordinary expansion of state capacity in the decades following the Second World War would never have dreamed of contracting-out a service as sensitive as Manage My Health. The idea of a private company profiting from the management of highly confidential health data would have been dismissed out-of-hand as asking for trouble. To ensure its security, reliability, and full political accountability, such a service would only have been permitted to operate under the aegis of the Ministry (and the Minister) of Health.
The Manage My Health debacle simply could not have happened in a society governed by politicians and public servants convinced that there are some products and services which only the state should provide. For most of its history New Zealand was such a state, and its leaders, both elected and unelected, believed themselves equal to the task of running it not only effectively and efficiently, but also to the ultimate advancement and happiness of its people.
The enduring tragedy of neoliberalism’s triumph in New Zealand is that our political class has spent the last 40 years living up to the proposition that politicians and public servants are not equal to the task of running the country and allowing itself to be convinced that only the private sector possesses the managerial chops to do the job. The political class honestly believes that it isn’t the heavy hand of state regulation that makes life happier, but the invisible hand of pecuniary self-interest.
The question is: Would the ghost of the Standards Council, contemplating so many and such egregious examples of its failures since 1984, feel comfortable awarding neoliberal New Zealand its official seal of approval?
Does it deserve the “S”?
*Chris Trotter has been writing and commenting professionally about New Zealand politics for more than 30 years. He writes a weekly column for interest.co.nz. His work may also be found at http://bowalleyroad.blogspot.com.
8 Comments
I am a Manage My Health user, they say my data has not been hacked.
I really liked the service, it made it way easier to get repeats and access to my Dr via email.
The URL hack to access the data store was pretty basic and any pen test of decent quality would have found it, I suspect that no external pen tests were being done on a release basis.
I suspect CT is being a little disingenuous here. The issue is less about health data than protection of an organisation's computer data, irrespective of the content. Many people are not especially computer savvy, and other factors such as fatigue, stress and complacency can inadvertently provide access to otherwise secure systems to rogue characters who would seek to misuse and exploit any access they get. And that assumes the fundamental protections current systems require are in place.
It is a very big question around balancing risk against provision of services and access.
"In stark contrast to their implicit faith in the propensity of capitalists to behave honestly and honourably, neoliberals assume that all public servants are self-serving aggrandisers dedicated to constructing bureaucratic empires with other people’s money."
Just a bit disingenuous. And blatant conscious bias from CT's historical political antecedents: the evidence of universally benign, beneficial & accountable state bureaucracy is negligible.
The well intended and purposeful standards criteria essentially covered products. It worked while it could but it couldn’t hold its position once NZ opened up to more or less open slather importing eventually dominated by China. NZ simply lost its traditional manufacturing base that could be monitored relatively easily to be replaced by importation that couldn’t and alongside that electronic and technological advancement skyrocketed with novel complexities and an entirely different method of communication in both speed and content. Thus the protection of security and quality in both products and services is no longer anywhere near what it used to be and individuals will find it more and more difficult to protect themselves. Afraid to say these days it is simply a case of “buyer beware” for any product or service.
It didn't help that our standards regime would not, for so long, accept reputable standards from overseas.
This is the data equivalent of surprise sewage street fountain because no-one has checked the old pipes for far too long; but it's a lot harder to remedy.
That confidential medical information was acquired - essentially compulsorily because medical practices mandated the service use for all functions - by a private organisation that gives the appearance of being essentially unaudited, is a failure of service procurement and management.
Those control activities squarely sit in government responsibility, but because it's prosaic maintenance, not sparkly and new, it gets ignored, like most of our infrastructure. We don't seem to be able to design 'middle way' control and regulatory schemes that are at either soviet-like levels of inappropriate detail, or so laissez-faire they might as well not be there. Maybe we are just a nation of ideologues.
Given the increasingly free-fire nature of the digital world, personal records being held encrypted by the users only, with anonymised data only being allowed to the users and government, would be the logical step. However, that would remove the ability for central control and undercut the profitability of big data. Both of these are anathema to the bureaucracy and the private companies.
All that said, being old enough to remember working under the tail end of the standards scheme and other regulation, there are a couple of things to be considered that aren't mentioned in the article and typify the over-control end of the regulatory spectrum.
The standards schemes had acted - alongside the overwhelmingly complex import licensing regime - to reduce choice, increase costs and essentially protect local manufacturers who had no incentives to improve often poor-quality manufactured products, or to produce some types of product at all.
There was also a New Zealand standards approval regime that would not recognise standards from other countries and would require independent testing of imported and domestic products. I've been in the slightly surreal position of watching our own engineers explain how to test products to a local test lab because it had never seen a particular type of product before.
Frankly, I'd be right alongside accepting the TÜV certification from a group of inquisitive, well-equipped, experienced German engineers, or the results from the CSA labs in Canada.
As an example, the acceptance of reputable test standards here has finally been made possible for building products in the last couple of years, over the protests and scare tactics of the vested interests.
It also made life very difficult for manufacturers who needed imported content to make things: we had a number 8 wire mentality because the control regime made it so very difficult to get anything. The lasting impact was 'not invented here', and when local industry was suddenly and clumsily exposed to competition by the Labour government of the 80s, many couldn't evolve and failed - and that mass extinction event's legacy has been the ever-narrowing of our economy to tourism, agricultural commodities and selling houses to each other.
Everyone could hold a two key encryption with RealMe, and share the public key with GP and specialists as you enter hospital etc, mind you 50% of the general population would struggle.
A decent fine system may sharpen the mind, along with personal liability via board and directors, which would force external audit signoff etc.
You're right about that - it has to be simple to use. I sometimes wonder if we're going to end up with paper records again - albeit with digital indexing.
Any control system needs to be of a manageable complexity, appropriate to need and to degrade gracefully enough so it's recoverable. The current ones are assuredly not.