Privacy, governance and your plan.
We opened with privacy and we close with it, because in a clinic it's the thing that holds everything else up. The good news is that running AI safely doesn't take a law degree or a big compliance project. It takes a few clear rules, written down, and a habit of keeping a clinician in charge. Here's how to lock that in, then a calm plan to put the whole course to work.
The Privacy Act, in plain English
Patient information is health information, which the Privacy Act and the Australian Privacy Principles treat as sensitive. Stripped of the legalese, what that asks of you is sensible:
- Collect and use it for a clear purpose, with consent where it applies. People should understand why you hold their information and roughly how it's used.
- Keep it secure, and only let the people who need it see it. That includes any tool you bring in: you're responsible for where patient data goes.
- Be open about it, and give patients a way to ask what you hold and to opt out of contact. A current privacy policy that mentions the tools you use covers a lot of this.
None of that blocks AI. It just means you choose tools that handle data properly, you tell patients plainly, and you keep a person accountable. If a clinic ever holds a notifiable breach, that's exactly the territory you're protecting against by being careful up front.
Your one-page clinic AI policy
The single most useful governance step is a short, plain policy the whole team can follow. Not a binder, one page. It lets people use AI with confidence instead of guessing, and it shows patients and any auditor that you've thought it through. Cover these:
- Approved tools. Which AI tools the clinic uses (your scribe, your booking and reception setup), and the rule that nothing else touches patient data without a tick-off.
- What data goes where. Patient information stays in your practice system and approved healthcare tools. It never gets pasted into a general consumer chatbot.
- Consent wording. The short line staff use for the AI scribe, and where consent gets recorded.
- Human oversight. Who reviews and signs clinical notes, and the rule that anything clinical, distressed or urgent reaches a person.
- Who owns it. A named person responsible for the policy, for reviewing tools, and for handling a question or a complaint.
Write it once, keep it on a page, and revisit it when you add a tool. The workbook gives you a template to fill in, and if you want to go deeper on writing one, our AI policy and safe-use course walks through it step by step.
Human oversight is the rule, not the exception
If you remember one thing, make it this. Automation carries the routine load; a clinician stays in charge of the care. The AI scribe drafts, you sign. The booking system takes the simple appointments, your team handles the rest. The phone line answers the easy calls, a person takes anything clinical or distressed. Across every tool in this course, the human-in-the-loop principle is what keeps it safe, and it's what lets you move quickly without lying awake about it. Speed on the boring 30 percent, your judgement firmly on the 70 percent that needs it.
Your first 90 days
Turn it into a calm plan, not a big bang. A clinic that moves steadily beats one that tries everything and stalls. A simple shape that works:
- Weeks 1 to 2: see and decide. Run the time-leak audit from lesson one. Pick your first one or two changes, the ones that hurt most, and draft your one-page AI policy.
- Weeks 3 to 6: prove one thing. Trial your first pick properly, usually the AI scribe with one clinician, or switching on reminders. Measure it against the old way. Keep consent and review tight.
- Weeks 7 to 12: widen and add. If it's working, roll it to the team and add the next piece: online booking for simple appointments, a recall cycle, or AI reception. Review the policy as you go.
By the end of a quarter you'll have one or two proven wins, a team that trusts the approach, and a written policy keeping it all safe. That's a strong foundation, and a far better place to be than where most clinics start.
Keep the summary handy
To make this stick, grab the free one-page summary: where clinic time leaks, the privacy ground rules, the AI scribe consent and review check, the booking and phone setup, the recall and no-show plan, and a space for your first moves. Print it, pin it in the staff room, and the whole course is in arm's reach.
A few quick questions to lock it in. No marks recorded, just for you.
Answer all the questions to continue.
That's the course done. Nice work.
You've got the full picture now: where clinic time leaks, AI scribes done safely, AI reception and online booking, fewer no-shows, and the privacy and governance that hold it together. Here's what to do next.
Answer the quick check above to unlock this.
Now put it to work
Turn all this into action with the fill-in workbook: audit your time leaks, write the AI-scribe consent and review checklist, plan your recall and reactivation, draft a one-page clinic privacy policy, and set a 90-day plan. Pop your email in and work through it with the team.
You're in.
Your fill-in workbook is ready. Open it below, then type straight into it or print it to work through with your team.
Open your workbookSave your progress
Pop your email in and we'll send you a link to pick up where you left off, on any device. No account needed.
Saved.
Check your inbox for a link to continue on any device.
Keep learning at your own pace.
The other free JDCS courses go broader on AI and automation, and the guides dig into the parts that matter most to how you run a practice.
Want a hand putting this to work in your clinic?
Tell me a little about how your clinic runs and I'll come back with a plain-English read on where AI would help most, and the consent and oversight to put around it first. The first conversation is free, and you keep the plan either way.
Got it, thanks.
That's landed with me. I'll read it properly and come back with a plain-English plan, usually within a few hours and always within one business day.