AI Governance Navigator

Step 1 — context

Tell us about your AI initiative

We'll map it to relevant frameworks and surface your governance obligations.

What type of organisation are you in?

Health provider / hospital

Public or private health system, hospital network, aged care provider

HealthTech / MedTech company

Building AI-powered health products, SaMD, or clinical decision support tools

Digital health / health insurance

Digital platforms, PHI management, primary care, telehealth

Government / public sector

State or federal health agencies, PHNs, policy bodies

Briefly describe what you are building or deploying

Step 2 — risk assessment

Assess the risk profile

Five questions that determine your regulatory obligations and governance requirements.

1. Does this AI directly influence clinical decisions or patient outcomes?

Yes — directly informs diagnosis, treatment, triage or care pathways

Partially — supports decisions but a clinician always reviews

No — admin, scheduling, documentation or back-office only

2. Does it process personal health information (PHI)?

Yes — ingests or outputs identifiable patient data

Partially — de-identified or aggregated data only

No — no patient data involved

3. What does this AI output — and who acts on it?

Clinical diagnosis, treatment recommendation, or triage decision

e.g. flagging a condition, recommending a medication, triaging urgency — output influences a clinical decision

Health information, guidance, or responses to health questions

e.g. AI chat that answers "should I take this medication?", symptom checkers, health advice tools — even if not branded as clinical

Operational or administrative health output — TGA status not yet assessed

e.g. scheduling, coding, documentation, billing — but we haven't confirmed whether TGA applies

Purely administrative or workflow — no health recommendations or clinical influence

e.g. rostering, HR, finance, supply chain — no output that informs a health decision

4. Will it operate autonomously without human review of each output?

Yes — outputs are acted on automatically

Sometimes — human-in-the-loop for high-stakes outputs only

No — a human reviews every output before action is taken

5. Does your organisation operate in or sell into international markets?

Yes — Europe or US (EU AI Act and/or FDA obligations apply)

In consideration — international expansion is planned

No — Australia only

Step 3 — risk profile

Risk profile

Lower complexityHigher complexity

—

Risk tier

—

Frameworks

—

Gaps found

Applicable frameworks

Step 4 — governance gaps

Gaps to address

Prioritised by risk level. High-priority items should be resolved before deployment.

Step 5 — outputs

Governance documents

Ready-to-use starting documents for your team, board, or regulatory submissions.

What next?

Use these outputs to brief your team and board. For a full implementation roadmap — including timelines, workstreams and accountability mapping — restart the assessment or engage a governance specialist.

Assess your health AIgovernance obligations.

Assess your health AI
governance obligations.