Skip to main content

AI Medical Receptionists and AHPRA Rules: What Australian Clinics Need to Know

By Justine Coupland, RN — AHPRA-registered nurse & automation specialist··9 min read

If you run a clinic, your phone line isn't just a phone line. Every word spoken to a patient or prospective patient counts as regulated healthcare communication under Australian law, whether it comes from your practice manager, a locum, or a piece of software answering the call. Handing that line to an AI receptionist doesn't change what's allowed to be said, it just changes who (or what) is saying it. This is a practical look at where the rules actually apply, grounded in what's real, not a legal opinion.

This isn't legal advice, if you need a definitive read on how the National Law applies to your specific practice, talk to your medico-legal advisor or AHPRA directly. What follows is what to check before you put an AI receptionist on your clinic's line.

Why is a clinic's phone line treated as regulated speech?

Health practitioner advertising in Australia is governed by section 133 of the Health Practitioner Regulation National Law, enforced by AHPRA. Section 133 restricts advertising that's false, misleading, deceptive, that creates unreasonable expectations of benefit, or that uses testimonials about clinical care. It applies to "advertising" broadly, not just paid ads or brochures, and the safest working assumption for any patient-facing communication, phone included, is that the same standard of care applies. A phone call where someone claims a treatment guarantees a result, or implies one practitioner is better than another, sits in the same risk category as a misleading ad, regardless of who or what said it.

For an AI medical receptionist, this means the script it follows needs to be built with the same discipline you'd apply to a website or a brochure, not treated as informal chat because it happens over the phone.

What must an AI receptionist never say to a caller?

A handful of things should be hard rules in any clinic phone script, human or AI:

  • No diagnosis or medical advice. An AI receptionist can take a message describing symptoms and pass it to clinical staff, but it should never suggest what's wrong with someone or what they should do about it clinically. That's a judgement call for a registered practitioner, not a booking system.
  • No outcome guarantees. Phrases implying a treatment "will definitely work" or "always gets results" cross into the territory Section 133 specifically restricts.
  • No testimonials in the call itself. Reading out a patient review or saying "our patients love this treatment" during a phone conversation is the same restricted conduct as publishing a testimonial anywhere else.
  • No invented discounts or offers. If a caller asks about pricing or promotions, the AI should only reference what's actually current and approved, never generate a plausible-sounding discount on the spot.
  • No confirming whether someone is a patient of the clinic. This applies to any caller, including someone who says they're a family member, a debt collector, or another business. Confirming patient status to an unverified caller is a privacy breach regardless of how reasonable the request sounds.
  • No comments on other practitioners or clinics. Comparative or disparaging remarks about competitors sit outside what a clinic's front-of-house communication should ever say.

The practical test worth applying to any AI receptionist script: would you be comfortable if a human receptionist said exactly this, word for word, and it ended up as evidence in a complaint? If not, it shouldn't be in the AI's script either.

What recording disclosure does a clinic actually need to give?

If calls are recorded or transcribed, and most AI receptionists do both, callers need to be told. Recording consent requirements vary by state, some are single-party consent, others require all parties to be told a call is being recorded before it continues. Rather than working out which rule applies per state, the simplest and safest approach is to disclose recording on every call, everywhere, regardless of where the caller is ringing from. A well-configured AI receptionist should open every call the same way: identifying itself as an AI assistant and disclosing that the call is recorded, before the conversation goes any further. That single habit clears the strictest consent standard in the country, so there's no state-by-state guesswork.

What happens when a caller describes an emergency?

This is one of the highest-stakes moments in any clinic call, and it's worth asking any vendor exactly how their system handles it before you sign anything. The AI shouldn't attempt to triage clinically, that's not its job and it's not qualified to do it. What it should do is recognise urgency cues in what the caller says (chest pain, difficulty breathing, severe allergic reaction, and similar) and give a clear, immediate instruction to call 000 or attend the nearest emergency department, then flag the call as urgent to your nominated staff contact. No hold music, no ambiguity, no attempt to book a routine appointment for something that needs immediate attention.

Ask any provider to show you exactly what their emergency escalation script says, and ask them to demonstrate it on a test call before you go live.

Where should patient call data actually be stored?

Health information collected over the phone, names, contact details, reason for calling, is a health record for the purposes of the Privacy Act 1988 and the Australian Privacy Principles, and it should be treated with the same care as any other clinical record. A few things worth confirming with any AI receptionist vendor:

  • Australian-hosted storage. Ask specifically where recordings and transcripts are stored, and for how long. Some AI platforms default to overseas servers unless you specifically configure Australian hosting.
  • Minimum necessary collection. A well-built medical AI receptionist collects what a good human receptionist would jot on a message pad, name, contact number, reason for calling, urgency, not an open-ended probe for extra health detail it doesn't need.
  • Access controls. Transcripts and messages should only go to the contact points your clinic nominates, not sit in a shared inbox anyone on staff can open.
  • Breach notification. If something does go wrong, the Notifiable Data Breaches scheme applies to health information the same way it applies to any other personal information a business holds, and your clinic should be notified without delay by the vendor, not find out after the fact.

Our own approach to this is detailed on our data handling and security page, which is worth reading regardless of which vendor you end up choosing, as a benchmark for what to ask.

What questions should you ask any AI receptionist vendor before signing up?

  1. Can you show me the exact script your AI uses to open a call, including the disclosure language?
  2. Where is call data stored, and is it hosted in Australia?
  3. What happens when a caller describes emergency symptoms? Can you demonstrate this on a live test call?
  4. How does the system handle a caller asking to confirm whether someone is a patient?
  5. Who reviews call transcripts for compliance issues, and how often?
  6. What's your process if a regulation or advertising guideline changes? How do you know which scripts need updating?
  7. Can I see your data retention and deletion policy in writing?

If a vendor can't answer these clearly and specifically, that's a signal worth taking seriously before you hand them your clinic's phone line.

Frequently asked questions

Does Section 133 apply to phone calls, not just written advertising?

Section 133 of the National Law is about advertising conduct broadly, and its core restrictions, no misleading claims, no unreasonable expectation of benefit, no testimonials about clinical care, are the standard clinics should apply across every patient-facing channel. Treating a phone script with the same discipline as a website or brochure is the safest approach, rather than assuming spoken words carry less risk than written ones.

Can an AI receptionist ever give medical advice if a caller insists?

No. A properly configured AI receptionist for a clinic should decline to give medical advice regardless of how the caller phrases the request, and instead offer to book an appointment, take a message for clinical staff, or direct genuine emergencies to 000. This boundary should be a fixed rule in the system, not something that shifts based on how the conversation goes.

Is it a privacy breach if the AI confirms someone is a patient to a caller who says they're family?

Confirming patient status to any unverified caller, including someone claiming to be a family member, risks breaching patient privacy, because the AI has no way to verify the claim over the phone. The safe default is to never confirm or deny patient status to anyone who isn't already verified through the clinic's own process, and to take a message instead.

Do these rules apply differently to a solo practitioner versus a large clinic?

The underlying obligations, National Law advertising restrictions and Privacy Act requirements, apply regardless of practice size. What changes with size is usually the internal process for reviewing scripts and data handling, a solo practitioner is making these calls personally, while a larger clinic may have a practice manager or compliance lead doing it. The standard the AI is held to doesn't change either way.

---

None of this is about avoiding AI receptionists in healthcare, it's about setting one up properly. A system built with the right disclosures, the right boundaries on what it will and won't say, and Australian-hosted data handling can genuinely reduce risk compared with an inconsistent human process, because every call follows the same script instead of varying by whoever picks up.

Want to see how this is configured for clinics specifically? Have a look at our AI medical receptionist or get in touch if you'd like to talk through what compliance looks like for your practice.

Justine Coupland

Justine Coupland

Founder, LUNA Systems · Registered Nurse (AHPRA: NMW0002113429)

Former nurse and beauty therapist turned automation consultant. Justine builds custom AI systems for Australian service businesses — so they can stop chasing leads and start growing.

Want automation tips in your inbox?

Get weekly insights on business automation — no spam, unsubscribe anytime.

Subscribe

Get in touch

Ready to grow your business?

Tell us a bit about what you're after and we'll get back to you within one business day with honest advice on where to start. No hard sell.

Free discovery call — 30 minutes
Custom plan tailored to your business
Australia-wide service