AI Tools in Healthcare: What Australian Compliance Law Actually Requires
The compliance gap nobody checks until it is too late
A physio clinic in Geelong signs up for an AI booking assistant. It answers calls, books appointments, sends reminders, chases no-shows. Within a month the front desk is calmer and the calendar is fuller. Nobody asks where the patient data goes.
Six months later someone does. The answer is a server in Ohio.
That is the gap. Most practices adopting AI tools are thinking about time saved. Very few are thinking about the four or five different laws that govern what those tools are allowed to do with health information. And in Australia, health information is about the most heavily protected category of personal data there is.
This is a plain guide to what actually applies.
Your vendor's compliance is not your compliance
Here is the first thing to get straight. When a software vendor tells you their tool is "compliant," that covers them. It does not cover you.
Under Australian privacy law, the practice that collects the patient data is the one responsible for it. You can outsource the work. You cannot outsource the obligation. If your AI tool mishandles a patient's information, the regulator comes to you first.
So the job is to understand what the law asks of you, then check the tool lets you meet it.
Start with the Privacy Act, because it always applies
Every private health provider in Australia is covered by the Privacy Act 1988 and its Australian Privacy Principles. Two of them matter most for AI tools.
APP 6 governs what you are allowed to do with information once you have it. The rule is straightforward. You can use patient data for the reason you collected it. Using it for anything else needs consent, or it needs to fall inside a narrow set of exceptions. Health information counts as sensitive information, which makes the test stricter again. So if an AI vendor wants to use your patient data to train its models, that is a secondary purpose, and it almost certainly needs explicit consent. Read the data clauses in the contract before you sign.
APP 11 governs keeping that information secure. You have to take reasonable steps to protect it from loss, misuse and unauthorised access. This one got sharper recently. Since 11 December 2024, a new APP 11.3 spells out that reasonable steps include technical and organisational measures. Encryption, access controls, audit logs, and a documented process behind them. Vague assurances no longer clear the bar.
Then check which state you are in
This is where healthcare gets more tangled than most industries, and where a lot of generic advice falls over.
The Privacy Act is federal. On top of it, some states run their own health records laws, and a private clinic has to comply with both.
If your practice is in Victoria, you also answer to the Health Records Act 2001 (Vic). In New South Wales, it is the Health Records and Information Privacy Act 2002 (NSW). In the ACT, the Health Records (Privacy and Access) Act 1997 (ACT). Each of these carries its own set of health privacy principles sitting alongside the federal ones.
Queensland, the Northern Territory and Tasmania have health privacy laws that bind only the public sector, so a private clinic there works to the federal Act. Western Australia and South Australia have had no specific health privacy statute, though WA's Privacy and Information Sharing Act 2024 is now coming into effect, so that picture is shifting.
The takeaway is not to memorise all of this. It is to know that "compliant in Australia" is not one single standard. Where your practice sits changes the answer.
The My Health Record trap most tools walk straight into
If your practice connects to My Health Record, there is one rule that catches AI tools more than any other.
The My Health Records Act 2012 bans handling My Health Record data outside Australia. Not discourages. Bans. And you cannot consent your way around it. A patient signing a form does not lift the prohibition. It is absolute, and it reaches your contracted service providers, which includes your software vendors.
Now think about where most AI tools run. Cloud infrastructure in the United States. Models processed offshore. If a tool touches My Health Record information and any part of that processing happens overseas, the practice is exposed to serious civil and criminal penalties.
Once information from My Health Record is downloaded into your own local system, most of the My Health Records Act rules stop applying, and you are back under the Privacy Act and your state law. It is the live connection to the national system that carries the strictest rules.
If your AI writes your marketing, read this
Plenty of AI tools now draft social posts, website copy and review responses. For a health practice, that runs straight into AHPRA.
Section 133 of the Health Practitioner Regulation National Law sets the rules for advertising a regulated health service. The one that trips people up is the ban on testimonials. You cannot use testimonials about clinical care in your advertising. That includes patient reviews displayed on your own website.
So if an AI tool is pulling five-star Google reviews about a doctor's skill and posting them to your homepage, that is a breach, even though a human never typed it. The line AHPRA draws is between clinical and non-clinical. A review praising the treatment or the outcome is off limits. A comment about easy parking or a friendly receptionist is generally fine.
Advertising rules here keep moving. New cosmetic advertising rules landed in September 2025, and the testimonials ban itself has been under review for years. Whatever your tool does with reviews and marketing copy, a human who knows the current rules should sign off before anything goes live.
Where admin automation ends and medical device territory begins
One quick boundary, because it worries people more than it should.
Booking, reminders, follow-ups, intake forms. This kind of administrative automation is not a medical device, and the TGA does not regulate it. The TGA's own rules specifically carve out electronic patient data management and technology that enables telehealth.
The line you cannot cross is clinical. The moment a tool starts informing, driving or replacing a clinical decision, say by suggesting a diagnosis or a treatment, it can become Software as a Medical Device and a whole regulatory regime switches on. For most front-desk automation you are nowhere near that line. Worth knowing where it sits anyway.
None of this is a reason to avoid AI
The time AI gives back to a stretched front desk is real. The practices that get this right will run rings around the ones still buried in phone tag.
The point is smaller and more practical. Health data carries rules that a tool built for a gym or a law firm was never designed around. You just have to pick tools that were. Our guide on choosing AI for your healthcare business covers what to look for beyond compliance.
What compliant automation actually looks like
Three examples from typical practice workflows.
Front desk. An AI agent answers the phone, books appointments and handles common questions. Done properly, it runs on Australian infrastructure, collects only what the booking needs, and never repurposes that data. That is APP 6 and APP 11 handled at the design stage rather than patched on later. We have also ranked the best AI receptionists for healthcare practices separately.
Reminders and cancellation backfill. When someone cancels, a Briick Workflow can offer the slot to the next patient on the waitlist automatically. The trick is that it messages only the people who agreed to that contact, and it logs every message. Consent and audit trail, built in.
Reviews. Rather than auto-posting patient testimonials, a well-built workflow routes new reviews to a staff member, flags anything that reads as clinical praise, and drafts a compliant reply for a human to approve. The AHPRA risk gets caught before it is published, not after.
Where a voice-first operator fits
This is where @Briicky earns its place. Briicky is Briick's voice AI Operator, the one that actually picks up the phone and holds the conversation with a patient.
Because it works inside a defined Briick Workflow, it stays within the same guardrails every time. It collects only what the booking needs. It hands anything clinical to a person. It keeps the record. The compliance is not something bolted on after the fact. It is the shape of the workflow itself. That is the difference between an AI agent that happens to work in healthcare and one built for it. See how Briick approaches AI automation for healthcare practices.
Five questions to ask any AI vendor
Before you sign with any AI vendor, ask these.
Where is our patient data stored and processed, and is any of it offshore. Do you use our data to train your models, and if so how is consent handled. Can you show me your encryption, access controls and audit logging. If we connect to My Health Record, can you guarantee nothing leaves Australia. And who signs off on anything customer-facing your tool generates.
If a vendor cannot answer those cleanly, that is your answer.
Frequently asked questions
Here are the questions we hear most.
Do these rules apply to a small single-clinician practice?
Yes. The Privacy Act covers private health service providers regardless of size, because health providers are captured even under the usual small business threshold. State health records laws apply the same way.
Our AI vendor is based overseas. Is that automatically a problem?
Not automatically for general patient data, as long as it is handled to Australian standards and the cross-border rules under APP 8 are met. It is a hard stop for My Health Record data, which cannot be handled outside Australia at all.
Can we display Google reviews on our website?
Only with care. Reviews about clinical care count as testimonials and are prohibited in advertising under section 133. Reviews about non-clinical things like parking or reception are generally allowed. If in doubt, leave it off.
Does an AI booking tool need TGA approval?
No. Administrative automation is not a medical device. TGA regulation only starts if the tool moves into clinical decision support.
What is the single biggest compliance risk with AI tools in healthcare?
Data leaving Australia without anyone realising, especially My Health Record data. It is the easiest rule to break by accident and one of the most serious.
Is patient consent enough to cover us?
Often, but not always. Consent handles a lot under the Privacy Act. It does not override the My Health Record overseas ban, and it does not make a prohibited testimonial acceptable.
TLDR Summary
- You are on the hook, not your vendor. The practice that collects patient data owns the compliance obligation, whatever a tool claims.
- The Privacy Act always applies. APP 6 limits what you do with data, APP 11 covers security, and the new APP 11.3 (Dec 2024) demands real technical and organisational measures.
- Your state changes the answer. Victoria, NSW and the ACT have their own health records laws on top of the federal Act.
- My Health Record data cannot leave Australia. The ban is absolute, consent cannot override it, and most AI tools run offshore.
- AHPRA section 133 bans clinical testimonials. If your AI reposts patient reviews about care, that is a breach.
- Admin automation is not a medical device. The TGA only steps in when a tool supports clinical decisions.
- Ask five vendor questions before signing, covering data location, model training, security, My Health Record, and human sign-off.


