Australia Raises Alarm Over AI Scribes Listening In on Doctor Visits
Federal health officials are warning that AI tools recording patient conversations in GP clinics may pose serious privacy risks — and regulators are now weighing whether new rules are needed.

Key points
- Australia's federal health department has formally raised concerns about AI scribe tools being used in GP surgeries.
- AI scribes — software that records, transcribes, and summarises doctor-patient conversations — have surged in popularity over the past 18 months.
- Australia's health regulator is actively considering whether safeguards around the technology are necessary.
- No national rules governing AI scribes in clinical settings currently exist in Australia.
Every day, patients walk into their GP's office and talk about their health — sometimes the most private details of their lives. A growing number of those conversations are now being recorded, transcribed, and summarised automatically by artificial intelligence software known as an AI scribe.
These tools work by listening to the doctor-patient conversation in real time, turning it into text, and generating a ready-made clinical note. For busy GPs, it is an attractive shortcut. Use has boomed across Australian clinics in the past 18 months.
Now the federal health department has raised concerns, and the health regulator is examining whether guardrails — rules to limit risk — are needed around the technology. Guardian Australia first reported the intervention.
What does this mean for patients?
The short answer is that patients may not always know their conversation is being recorded, where that recording goes, or who can access it later. That matters enormously when the conversation covers a mental health diagnosis, a sexual health concern, or a terminal illness.
Most AI scribe products process audio on remote servers, often operated by overseas companies. Once a recording leaves the clinic, Australian privacy law may offer only partial protection — and enforcement across borders is difficult.
Doctors using these tools carry professional obligations to inform patients and get their consent. But there is no single national standard spelling out exactly what that consent must look like, how data must be stored, or how long it can be kept.
The concern is not that doctors are acting in bad faith. The concern is that the technology moved faster than the rules.
From a security standpoint, audio recordings and clinical summaries are extremely sensitive data. A database holding transcripts of thousands of GP consultations would be a high-value target — the kind of trove that criminal groups running ransomware attacks, where malicious software locks or steals files to extract a payment, actively seek out.
Health records fetch a high price on criminal marketplaces because they cannot be cancelled like a credit card. A stolen medical history follows a person for life.
What should patients do?
If you visit a GP and notice a recording device or unfamiliar software running, ask your doctor directly what it is and how your data is handled. You have the right to ask. You also have the right to decline recording without it affecting your care.
Australia's health regulator has not yet announced specific rules. Until it does, patients and clinics are operating in a grey zone — and that gap is exactly what both privacy advocates and security researchers are watching.



