AIRiskAware

Australia 12 min read 2026

AI in Australian Healthcare: TGA, Privacy Act, and Clinical Governance

Clinical AI in Australia sits at the intersection of TGA medical device regulation, Privacy Act health information obligations, state-based health records laws, and professional indemnity obligations. Here is what healthcare organisations need to know.

Key Takeaways

  • AI used in clinical diagnosis, treatment recommendation, or triage is likely a Software as a Medical Device (SaMD) regulated by the TGA — requiring regulatory clearance before deployment in Australian clinical settings.

  • Health information is sensitive information under the Privacy Act with heightened obligations. AI training on patient data requires careful analysis of APP 3 collection purpose and APP 6 use and disclosure.

  • State-based health records legislation (Health Records Act in Victoria, Health Records and Information Privacy Act in NSW) creates additional obligations for health information AI in those states.

  • Automation bias — clinicians over-relying on AI recommendations — is a documented clinical risk that Australian healthcare AI governance must explicitly address.

  • The Australian Commission on Safety and Quality in Health Care has published guidance on AI in clinical settings that healthcare organisations should treat as the Australian standard of care baseline.

"For informational purposes only. This article does not constitute legal, regulatory, financial, or professional advice. Consult a qualified specialist for specific advice."

The Australian healthcare AI regulatory stack

Australian healthcare AI sits at the intersection of federal and state regulation in ways that make governance particularly complex. At the federal level: the Therapeutic Goods Administration regulates AI medical devices; the Privacy Act 1988 governs health information as a category of sensitive information; Medicare compliance obligations apply to AI used in billing and clinical coding; and professional registration boards set standards for clinical practice. At the state level: health records legislation in Victoria and NSW creates additional obligations; state health department policies govern AI in public health systems; and clinical governance frameworks vary by state and health service.

TGA regulation of clinical AI as Software as a Medical Device

The TGA regulates software — including AI — that is intended to be used for therapeutic purposes as a medical device. A clinical AI system is likely to meet the definition of a medical device (and specifically Software as a Medical Device) if it is intended to: diagnose, prevent, monitor, treat, or alleviate a disease or condition; diagnose, monitor, treat, alleviate, or compensate for an injury or disability; investigate, replace, or modify anatomy or a physiological process; or support or sustain life.

Common clinical AI applications that may be SaMD: diagnostic imaging AI that identifies pathology; clinical decision support that recommends diagnoses or treatments; vital signs monitoring AI that generates clinical alerts; AI that triages patients by risk or urgency; and documentation AI that generates clinical coding for Medicare billing purposes. If your AI falls into one of these categories, TGA clearance may be required before deployment in Australian clinical practice. Deploying an uncleared SaMD creates serious regulatory and liability exposure.

The TGA's regulatory pathway for SaMD depends on classification, which in turn depends on the intended purpose and the risk level. Class I SaMD (low risk) can self-declare conformity. Class IIa, IIb, and III SaMD (increasing risk) require conformity assessment by a TGA-recognised conformity assessment body. The classification process is not straightforward for AI systems and should involve regulatory affairs expertise.

Privacy Act obligations for health information AI

Health information is sensitive information under the Privacy Act, attracting heightened obligations compared to ordinary personal information. The practical implications for healthcare AI:

  • APP 3 requires explicit consent for collection of sensitive information unless a health exception applies. Using existing patient records to train AI models may not meet this threshold if consent was not obtained at collection for AI training purposes.

  • APP 6 restricts use and disclosure of health information to the primary purpose of collection or secondary purposes permitted by exception. This creates direct friction with AI training pipelines that use historical patient data for purposes beyond the patient's original care.

  • APP 11 requires reasonable security measures for sensitive information — AI systems processing health information must be assessed against a higher security standard than general personal information systems.

Automation bias in clinical settings: a governance imperative

Automation bias — clinicians giving disproportionate weight to AI recommendations over their own clinical judgment — is a documented risk in clinical AI deployment. Time pressure, cognitive load, and the apparent objectivity of AI outputs all contribute to this pattern. The clinical consequences are not hypothetical: multiple studies have documented cases where automation bias led to delayed diagnosis or inappropriate treatment because clinicians did not adequately interrogate AI recommendations that were incorrect.

Australian healthcare AI governance must explicitly address automation bias. This means: training clinicians on the limitations of specific AI systems they use; establishing protocols that require independent clinical assessment before acting on AI recommendations in high-stakes decisions; monitoring for over-reliance on AI through audit of clinical decision patterns; and designing AI systems to present uncertainty in ways that encourage rather than suppress independent clinical judgment. The Australian Commission on Safety and Quality in Health Care's guidance on AI treats explicit automation bias management as an element of safe AI deployment.