Private AI for Healthcare: Protecting Patient Data Under the My Health Records Act
Australian healthcare providers face one of the strictest data handling regimes in the country. The My Health Records Act 2012, the Privacy Act 1988, AHPRA codes of conduct, and state-level health records legislation create overlapping obligations that make cloud AI use with patient data legally fraught. Private AI deployed on-premises — inside the hospital or clinic — is the only approach that aligns cleanly with all of these obligations. This guide explains the legislative framework and the practical alternative.
Why Healthcare Is Different
In most industries, "sensitive data" is a matter of degree — financial records are more sensitive than marketing emails. In healthcare, sensitivity is encoded in law. Health information is treated as a special category of personal information under the Privacy Act, with additional protections under sector-specific legislation.
The relevant frameworks for an Australian healthcare provider considering AI:
| Legislation / Framework | What It Covers | Impact on AI Use |
|---|---|---|
| My Health Records Act 2012 | Information in the national My Health Record system | Criminal penalties for unauthorised disclosure (s 77) |
| Privacy Act 1988 | All personal information, with stronger protections for health info | APP 6, 8, 11 obligations on use, disclosure, security |
| State health records legislation | State-controlled patient records (e.g. Health Records Act 2001 Vic) | Adds state-level obligations on top of federal law |
| AHPRA Codes of Conduct | Professional standards for registered health practitioners | Patient confidentiality is a core professional obligation |
| Healthcare Identifiers Act 2010 | Use of healthcare identifiers (IHIs) | Restricts how identifiers may be used and disclosed |
| PCEHR Act / MHR Act | National e-health framework | Specific consent and access rules |
Any AI system used with patient data must be assessed against all of these. The compliance burden is significantly higher than in non-regulated industries.
The My Health Records Act in Detail
The My Health Records Act 2012 (formerly the PCEHR Act) established the national My Health Record system. Section 77 is the provision that healthcare providers and their AI use must contend with.
What Section 77 Says
In summary, s 77 makes it a criminal offence to:
- Collect health information from the My Health Record system without authorisation
- Use such information for purposes beyond those authorised under the Act
- Disclose such information to anyone not authorised to receive it
The penalties:
- Up to 600 penalty units (currently approximately AUD $187,800 for an individual at the 2026 penalty unit value)
- Up to 5 years imprisonment
- Both, in some circumstances
For organisations, the maximum penalty is 5 times the individual amount under the corporate multiplier — over AUD $900,000.
How This Intersects with AI
When a hospital staff member uses ChatGPT to summarise a discharge summary that was pulled from My Health Record, the chain of events is:
- Health information collected from MHR (authorised, in the staff member's professional capacity)
- Health information transmitted to a third party (OpenAI) — this is the problem step
- OpenAI processes the data on US servers
- OpenAI potentially retains the data
- OpenAI may share with subprocessors
Step 2 is disclosure to an unauthorised recipient. The staff member may not have intended to breach the Act, but the conduct is the breach.
Section 77 has criminal liability. This is not a soft administrative penalty — it is potential imprisonment for staff and significant fines for the institution.
What Counts as MHR Information?
The Act applies to information that is part of an individual's My Health Record. This includes:
- Shared health summaries
- Discharge summaries uploaded to MHR
- Specialist letters
- Pathology reports
- Imaging reports
- Pharmaceutical records
- Immunisation records
If a healthcare provider pulled the document from MHR, processed it, then put it into a cloud AI service, the Act applies. If the same document was created within the hospital's local system and never touched MHR, the Privacy Act and state legislation apply but s 77 does not.
The distinction matters less than it might seem — the Privacy Act and state laws cover essentially the same ground, with civil rather than criminal penalties.
The Privacy Act and Health Information
The Privacy Act 1988 defines "health information" as a subset of "sensitive information" — and sensitive information receives enhanced protection compared to ordinary personal information.
The key Australian Privacy Principles for healthcare AI:
APP 3 — Collection of Solicited Personal Information
Sensitive information (including health information) generally cannot be collected unless the individual consents AND the collection is reasonably necessary. AI use that involves new collections (e.g. generating new health insights from existing data) may require fresh consent.
APP 6 — Use or Disclosure of Personal Information
Personal information must only be used or disclosed for the primary purpose of collection, or for a directly related secondary purpose the individual would reasonably expect. Sending health information to a third-party AI service is a use/disclosure that the patient almost certainly did not reasonably expect.
APP 8 — Cross-Border Disclosure
The disclosing organisation is accountable for the overseas recipient's handling of the information. Sending health data to ChatGPT (US-based) puts the Australian healthcare provider on the hook for OpenAI's compliance with APPs they have no contractual right to enforce.
APP 11 — Security of Personal Information
Health information is highly sensitive, so the "reasonable steps" required to protect it are correspondingly higher. Cloud AI providers' security posture — which the healthcare provider cannot independently verify or control — is difficult to characterise as "reasonable" when on-premises alternatives exist.
AHPRA and Professional Obligations
The Australian Health Practitioner Regulation Agency (AHPRA) sets professional standards for registered health practitioners. The shared Code of Conduct for registered health practitioners includes:
Practitioners have a duty to protect the privacy and confidentiality of patient information. This duty extends to all information shared with the practitioner in the course of their professional role, irrespective of the format in which it is held.
When a practitioner shares patient information with a third-party AI service:
- The information has been disclosed beyond the practitioner-patient relationship
- The patient has not been informed (in most cases) that AI processing will occur
- The practitioner cannot verify how the AI provider handles the information
- The practitioner is potentially in breach of the Code's confidentiality obligations
For registered practitioners, this can result in:
- Notifications to AHPRA / Boards
- Professional disciplinary proceedings
- Restrictions on practice
- Cancellation of registration in serious cases
State Health Records Legislation
In addition to federal law, several states have specific health records legislation:
| State | Legislation | Key Provisions |
|---|---|---|
| Victoria | Health Records Act 2001 | Health Privacy Principles, complaints to Health Complaints Commissioner |
| NSW | Health Records and Information Privacy Act 2002 | HPPs, NSW Privacy Commissioner jurisdiction |
| ACT | Health Records (Privacy and Access) Act 1997 | Similar HPP framework |
| Other states | Privacy Act (Cth) applies via NHMRC guidelines and codes | Effectively similar standards |
For a Melbourne hospital, the Victorian Health Records Act applies in addition to the Privacy Act and the MHR Act. Each adds slightly different requirements but all share the same direction: health information must be handled with extreme care, and disclosure to third parties requires either consent or specific statutory authority.
Real Use Cases — and Why They Need Private AI
Use Case 1: Discharge Summary Review
A registrar wants to use AI to draft discharge summaries. They paste the patient's medical record into ChatGPT and ask for a structured summary.
| Risk | Cloud AI | Private AI |
|---|---|---|
| MHR Act s 77 disclosure | Material risk | None |
| Privacy Act APP 6/8 breach | Material risk | None |
| Patient confidentiality breach (AHPRA) | Material risk | None |
| State Health Records Act breach | Material risk | None |
| Useful output | Yes | Yes |
The functional outcome is the same. The compliance position is not.
Use Case 2: Clinical Document Search
A consultant needs to search prior cases in the hospital's records for similar patient presentations. Cloud AI search would require ingesting the entire clinical document corpus into the cloud — an enormous compliance burden.
Private AI with RAG indexes the documents locally. The consultant can search natural language ("patients with similar presentation to current case 12345") and get cited results from internal records — without any data leaving the hospital.
This is one of the most valuable use cases for private AI in healthcare: turning the existing clinical document repository into a searchable, queryable resource.
Use Case 3: Policy and Procedure Q&A
Hospital staff frequently need to find information in policies, guidelines, and procedures — clinical protocols, infection control, medication management, escalation criteria.
Private AI configured with RAG over the hospital's policy library lets any staff member ask "What's the policy on consent for minors?" and get an accurate, cited answer in seconds — instead of searching SharePoint or asking colleagues.
This is operational AI, not clinical AI — but it depends on the AI knowing the hospital's specific documents, which is exactly what private deployment enables and cloud AI cannot.
Use Case 4: Patient Education Material Drafting
A nurse practitioner wants AI assistance drafting patient education material based on the hospital's existing patient information sheets.
Private AI, trained on the hospital's existing patient resources, generates drafts in the hospital's voice, with hospital-specific contact details, in line with hospital standards. The drafts contain no patient information — they are templates — so even some cloud AI use would be acceptable here, but private AI gives a more useful result because it knows the hospital's existing materials.
The De-Identification Question
A common suggestion: "We'll de-identify the patient data before sending it to cloud AI."
This is harder than it sounds. The OAIC's guidance on de-identification (2018, updated 2023) notes that de-identification is a process, not a binary state. True de-identification requires:
- Removal of direct identifiers (name, address, MRN, DOB)
- Removal of quasi-identifiers (unique combinations of demographic/clinical features)
- Assessment of re-identification risk in context
- Ongoing review as auxiliary datasets emerge
For clinical narratives, this is technically difficult:
- Free-text notes often contain identifiers scattered throughout
- Unique clinical features (rare diagnoses, unusual presentations, specific dates) can re-identify
- Combinations of demographic information can be re-identifying even without explicit identifiers
- The recipient AI service may have access to other datasets that aid re-identification
For most clinical use cases, deploying private AI on-premises is simpler and more reliable than attempting to de-identify and use cloud AI. The de-identification approach also misses the broader compliance points (APP 6, AHPRA confidentiality) that apply even to de-identified data in some contexts.
The Private AI Approach for Healthcare
A private AI deployment in a healthcare setting looks like:
| Component | Implementation |
|---|---|
| Hardware | Server in the hospital's IT room (often co-located with existing clinical systems) |
| Model | Open-source LLM optimised for clinical tasks (Llama 3 70B, Gemma 4, or Med-PaLM-style fine-tuned models) |
| Document index | RAG over the hospital's documents — guidelines, policies, training material, anonymised case notes |
| Network | Internal hospital network only — no internet connectivity required for inference |
| Access control | Integrated with hospital's Active Directory / SSO — staff login is staff identity |
| Audit logging | All queries logged within the hospital's IT systems for compliance review |
| Integration | Can integrate with EMR, document management, intranet — all internal |
The system serves the same clinical and administrative use cases as cloud AI, but with the data flow contained entirely within the hospital's compliance perimeter.
For deeper context on the broader case for private AI in regulated settings, see our decision-maker's guide to private LLM deployment and our sovereign AI Australia guide.
Implementation Considerations for Healthcare
1. Clinical Validation
For any clinical-facing AI, validation against clinical decision-making standards is essential. Private AI deployment makes this easier because the system's behaviour is stable (no surprise model updates from a foreign vendor) and the institution can run its own validation studies.
2. Integration with Clinical Systems
Most healthcare AI value comes from integration with existing systems — EMR, PACS, document management. Private AI can integrate directly with these systems using internal APIs, without cross-organisation data transfer.
3. Staff Training and Change Management
Healthcare AI adoption succeeds when clinicians see immediate value. Starting with low-risk, high-value use cases (policy Q&A, document search) builds confidence before extending to more sensitive applications.
4. Governance Framework
A formal AI governance framework — covering approved uses, prohibited uses, audit processes, and incident response — is increasingly expected by regulators. Private AI deployment fits naturally within standard hospital IT governance.
5. Procurement and Funding
Healthcare procurement processes can be slow. Private AI deployments are typically structured as capital expenditure (hardware) plus operating expenditure (support), which fits standard hospital budget categories.
The AIRGAP LLM Perspective
AIRGAP LLM has deployed private AI systems in Australian healthcare settings — public health services, private hospitals, specialist clinics, and allied health practices. Every deployment is structured around the compliance requirements above:
- On-premises hardware in the provider's controlled environment
- No external data transmission for inference or routine operation
- Open-source models with no foreign vendor dependency
- Integration with existing clinical and administrative systems
- Audit logging aligned with hospital governance requirements
For healthcare providers evaluating private AI deployment, we offer a confidential initial consultation to assess your specific compliance obligations, clinical use cases, and infrastructure requirements.
Contact AIRGAP LLM to discuss private AI for your healthcare organisation.
Frequently Asked Questions
Can healthcare providers in Australia use ChatGPT with patient data?
No, not safely. The My Health Records Act 2012 imposes criminal penalties (section 77) for unauthorised collection, use, or disclosure of health information held in the My Health Record system. The Privacy Act 1988 imposes additional obligations on health information generally. Sending patient information to a cloud AI provider constitutes disclosure to an overseas recipient and potentially triggers multiple compliance issues. Healthcare providers should not use cloud AI with identifiable patient data.
What does Section 77 of the My Health Records Act actually say?
Section 77 of the My Health Records Act 2012 makes it a criminal offence to collect, use, or disclose health information held in the My Health Record system except in specific authorised circumstances. Penalties include fines of up to 600 penalty units and/or imprisonment for up to 5 years. The provision applies to organisations and individuals — including practitioners who provide patient data to unauthorised third parties such as cloud AI services.
Are there approved AI tools for Australian healthcare?
There is no formal Australian government certification scheme for healthcare AI tools as of 2026. The Therapeutic Goods Administration (TGA) regulates software as a medical device (SaMD) where the AI provides diagnostic or therapeutic functions. For non-clinical AI (document search, summarisation, administrative work), there is no specific approval pathway. The compliance burden falls on the healthcare provider to ensure any AI tool meets their obligations under the Privacy Act, My Health Records Act, AHPRA codes, and applicable state health records legislation.
How can hospitals use AI without breaching health information laws?
The safest path is on-premises private AI deployment. With a private AI system running inside the hospital's network, patient data never leaves the hospital's controlled environment. There is no cross-border disclosure, no third-party processing, and no foreign jurisdiction issue. This approach aligns with the My Health Records Act, the Privacy Act 1988 (APPs 6, 8, 11), and AHPRA's expectations around patient confidentiality.
What about de-identifying patient data before using cloud AI?
De-identification helps but is rarely a complete answer. True de-identification — removing all information that could re-identify a patient — is technically difficult for clinical narratives. Names, dates, addresses, MRN numbers, and unique clinical features can persist in subtle ways. The OAIC has noted that de-identification claims should be tested rigorously. For most clinical applications, on-premises AI processing of identified data is simpler and more reliable than attempting to de-identify before cloud transmission.