Clinical AI governance under TGA, AHPRA, OAIC, and ACSQHC.

AI scribes, diagnostic imaging, clinical decision support, and telehealth AI are reshaping patient care. The TGA's Software as a Medical Device grace period ended November 2024. Four regulators now apply to the same clinical workflow. Generic AI frameworks do not address the risks Australian healthcare organisations actually face.

Run the free AI risk calculator

Built for

Hospital boards & clinical governance Chief medical officers GP practice principals Health tech founders Privacy & risk leads
We work against: TGA SaMD / AHPRA guidance (Aug 2024) / OAIC AI privacy guidance / ACSQHC clinical AI guides (Aug 2025) / NSQHS Standards / Privacy Act & APPs / My Health Records Act

What a healthcare engagement delivers.

Full engagement methodology

Clinical AI inventory & SaMD classification

A documented map of AI scribes, imaging AI, decision support, and operational AI, each assessed against TGA Software as a Medical Device criteria.

"Before-while-after" governance

ACSQHC-aligned clinical governance covering use-case confirmation, deployment controls, and ongoing monitoring against the NSQHS Standards.

Practitioner-ready policies

AHPRA-aligned protocols for AI scribe consent, verification, bias awareness, and professional indemnity coverage in clinical settings.

Health data evidence pack

Privacy Act, APP 8 cross-border, and My Health Record breach documentation that the OAIC and System Operator can work through end to end.

Four pressures specific to clinical AI.

Patient safety, practitioner liability, health data sovereignty, and multiple overlapping Australian regulators make healthcare AI more complex than any other sector. The TGA SaMD grace period ended in November 2024, and the obligations are now live.

  1. 01
    In force

    TGA Software as a Medical Device captures clinical AI.

    The TGA's Software as a Medical Device (SaMD) grace period ended November 2024. Clinical decision support systems, AI scribes with diagnostic features, and predictive triage algorithms may require ARTG registration. The Therapeutic Goods Administration classifies AI software using IMDRF risk factors. Adaptive AI and LLMs create new classification questions, and post-market surveillance for AI that evolves after deployment is now expected.

    Run a TGA SaMD classification
  2. 02
    Active

    AHPRA keeps the practitioner accountable.

    AHPRA's August 2024 guidance is clear: practitioners are "ultimately responsible" for AI used in their practice. That covers checking AI scribe accuracy, understanding bias risks for Aboriginal and Torres Strait Islander communities, holding professional indemnity insurance that covers AI use, and verifying AI-generated clinical documentation. Nearly 1 in 4 GPs are already using AI scribes, and many organisations lack policies that consistently translate AHPRA obligations into practice.

    Develop practitioner-ready policies
  3. 03
    Active

    Health data carries the strictest privacy load.

    Health information is classified as "sensitive information" under the Privacy Act and the Australian Privacy Principles. AI scribes process consultation recordings. Diagnostic imaging AI analyses patient scans. The OAIC has issued dual AI guidance for developing and using AI products. APP 8 governs cross-border data flows to offshore AI providers. The National Health Privacy Rules 2025 add new requirements for claims information, and My Health Record mandatory breach notification applies to the OAIC and System Operator.

    Assess privacy compliance
  4. 04
    Published Aug 2025

    ACSQHC sets the clinical governance pattern.

    The Australian Commission on Safety and Quality in Health Care released pragmatic AI guides for clinicians in August 2025. The guides build on the NSQHS Standards and recommend a "before-while-after" governance approach: confirm the clinical use case before implementation, build on existing patient safety and digital health governance during deployment, and maintain ongoing monitoring. 88% of consultation respondents said healthcare AI decisions should always have a "human in the loop."

    Build ACSQHC-aligned clinical governance

Healthcare AI use cases that need governance.

Each AI application carries a different risk profile, regulatory expectation, and patient safety implication. The governance scope follows the use case.

01
AI scribes (ambient documentation)
High adoption 路 Variable governance
02
Diagnostic imaging AI
TGA registration likely
03
Clinical decision support
TGA registration likely
04
Predictive deterioration & triage
TGA SaMD assessment
05
Telehealth & remote monitoring AI
Medium 路 APP 8 + AHPRA
06
Operational & rostering AI
Lower regulatory burden

Healthcare organisations we work with.

Engagements are scoped for the clinical and operational reality of each organisation, from a single-site GP practice to a multi-state hospital group or a health tech business preparing for TGA submission.

01

Hospitals & health districts

Public and private hospitals, local health districts, and state health departments deploying AI across clinical and operational settings. Governance built around NSQHS accreditation, ACSQHC clinical governance, and OAIC privacy obligations.

02

GP practices & specialist clinics

General practices, specialist medical centres, and allied health providers adopting AI scribes and clinical decision support. AHPRA obligations translated into protocols clinicians will actually use.

03

Health tech & digital health

SaMD developers, AI scribe providers, clinical decision support vendors, telehealth platforms, and health data analytics businesses. Includes TGA classification, investment-ready governance, and cross-jurisdictional EU + AU compliance.

04

Pathology, radiology & allied health

Pathology providers, radiology groups, and allied health organisations using diagnostic imaging AI and machine learning analytics. Risk management designed for the high-volume, high-stakes nature of imaging-driven decisions.

Tracks built for clinical and digital health.

Three tracks sized for healthcare regulation, scoped against the four-regulator environment. Engagements typically run six to twelve weeks with phased milestones.

Track A

Clinical governance

ACSQHC-aligned clinical governance, NSQHS Standards integration, human oversight protocols, and "before-while-after" implementation guides for clinical AI.

Track B

TGA & assurance

SaMD classification, ARTG registration strategy, post-market surveillance for adaptive AI, clinical evidence planning, and independent audit of clinical AI.

Track C

Privacy & EU readiness

OAIC health data alignment, APP 8 cross-border controls, My Health Record breach preparedness, and EU AI Act readiness for health tech entering European markets.

Healthcare AI is moving faster than governance.

Start with the AI Risk Calculator for a baseline view in under five minutes. From there we can map your clinical and operational AI against TGA, AHPRA, OAIC, and ACSQHC expectations, and outline the work needed to close any gaps.

Run the free calculator

Get in Touch