Software will meet the definition of a medical device and be regulated by us if it is intended by the manufacturer to be used for:
- diagnosing, preventing, monitoring, treating or alleviating disease
- diagnosing, monitoring, treating, alleviating or compensating for an injury or disability
- investigating, replacing or modifying the anatomy or a physiological process
- supporting or sustaining life
- controlling conception
- disinfection of medical devices
- providing information by means of in vitro examination of specimens derived from the human body.
Software products that meet the definition could include standalone software, mobile apps and software that uses AI or machine learning to support clinical decisions.
Your responsibilities
As a health professional, you are responsible for the safe and appropriate use of software in your practice.
- Check the software is included in the Australian Register of Therapeutic Goods (ARTG) – Check with the sponsor.
- Understand the intended purpose – Review the manufacturer’s instructions and ensure the software is used only for its intended purpose.
- Assess clinical suitability – Consider whether the software is appropriate for your patient’s condition, and whether it complements or replaces other clinical tools.
- Use informed consent – Ask for consent before using the software. Explain the benefits, limitations, and risks – especially when the software uses AI or collects personal data.
- Report adverse events – If the software causes harm or doesn’t perform as expected, report it to the sponsor and follow your organisation’s incident management requirements, including any mandatory reporting requirements.
- Report potential cyber security issues with medical devices – Call us on 1800 809 361.
Professional obligations under the Australian Health Practitioner Regulation Agency
Regardless of the technology used, health professionals remain responsible for delivering safe, ethical, and high-quality care. The Australian Health Practitioner Regulation Agency (Ahpra) expects practitioners to:
- uphold their professional obligations
- maintain accountability for clinical decisions and patient outcomes
- understand the purpose, limitations, and appropriate use of software as a medical device (SaMD), including AI-enabled tools
- ensure transparency and informed consent when using digital tools in care.
Meeting your professional obligations when using Artificial Intelligence in healthcare outlines how existing codes of conduct apply when using AI in clinical practice.
Considerations for AI-based software
Software that uses artificial intelligence or machine learning may:
- adapt over time based on new data
- produce outputs that are difficult to interpret
- rely on training data that may not reflect your patient population or needs.
Using AI-based software
When using AI-based software, you should:
- understand how the algorithm works and what data it uses
- be aware of any limitations or biases
- monitor performance and clinical outcomes
- not rely solely on the software – always use your clinical judgement.
Cyber security and data protection
Connected medical devices and apps can be vulnerable to cyber threats. To reduce risk:
- use secure networks and avoid public Wi-Fi when accessing patient data
- keep software and devices up to date with the latest security patches
- use strong, unique passphrases and enable multi-factor authentication where possible
- educate patients about safe use, especially if they use the software at home
- refer to the Australian Cyber Security Centre (ACSC) for guidance on securing medical devices and systems.
Medical device cyber security information for users outlines the responsibilities of health professionals and other users.
Supporting safe use in clinical settings
To ensure the safe use of software-based medical devices, you must:
- follow your organisation’s digital health policies
- make sure your staff know how to use software safely and ethically
- document decisions made with the support of software
- review updates and alerts from us or the software sponsor.