AI Governance for Australian Healthcare
TGA medical device regulation, AHPRA professional standards, My Health Record obligations, and Privacy Act health information requirements for Australian healthcare providers deploying AI.
Key regulatory obligations
TGA — Medical Devices
AI that meets the definition of a medical device under the Therapeutic Goods Act 1989 must be registered with the TGA before supply in Australia. The Software as a Medical Device (SaMD) guidance applies to clinical AI — including diagnostic support, treatment recommendation, and patient risk stratification tools.
AHPRA Standards
Health practitioners using AI in clinical practice must satisfy AHPRA registration standards. AI does not displace the practitioner's obligation for clinical judgment — adequate supervision of AI-assisted clinical work is a professional obligation.
My Health Records Act
AI systems accessing or processing My Health Record data must comply with the My Health Records Act 2012 and the strict permitted purposes for data use. Unauthorised access or disclosure carries significant civil and criminal penalties.
Privacy Act — Health Information
Health information is sensitive information under the Privacy Act 1988 — stricter obligations apply. AI processing patient health information requires explicit consent in most circumstances and heightened security measures (APP 11).
OAIC Health Data Guidance
The OAIC has specific guidance on AI and health data — including purpose limitation, data minimisation, and transparency obligations. Routine health AI deployments should be assessed against this guidance before deployment.
State Surveillance Laws
State-based health records legislation and surveillance device laws may apply to AI monitoring systems used in healthcare settings — requirements vary by jurisdiction.