Posted on
Jun 16, 2026
Australian Privacy Principles (APP) Guide for Practice Managers: 2026 Compliance Essentials
Clinical Update — June 2026: This guide has been revised to incorporate the OAIC's updated Guide to Securing Personal Information (March 2026), the TGA's final guidance on Software as a Medical Device (SaMD) classification boundaries for documentation-only clinical AI (February 2026), and amendments to the Privacy Act 1988 enacted under the Privacy and Other Legislation Amendment Bill 2025 effective 1 January 2026, which expanded civil penalty provisions to AUD $50 million per serious or repeated interference. WebRTC ICE candidate filtering specifications have been updated against RFC 8445bis errata. MBS item references reflect the January 2026 Medicare Benefits Schedule revision.
Australian Privacy Principles (APP) Guide for AI Clinical Scribes: Data Residency, TGA Classification & Sovereign Inference
TL;DR — What Every Chief Privacy Officer Needs to Know
Most "AU-hosted" AI scribes satisfy APP 8 at the inference layer but leak clinical audio during capture via anycast WebRTC TURN relays that route through Singapore or US data centres when enterprise firewalls block peer-to-peer connections. This guide details the overlooked APP 8 leakage path (WebRTC ICE/TURN media negotiation), explains TGA classification for documentation-only SaMD, and shows how Scribing.io enforces full Australian sovereign data residency across capture, inference, storage, and observability — with zero cross-border audio, token, gradient, or telemetry egress. It also includes ICD-10 coding standards for F41.1 Generalized anxiety disorder; F33.1 Major depressive disorder and a real-world clinical scenario for NSW psychiatry telehealth.
Table of Contents
The APP 8 Leakage Path Competitors Miss: WebRTC ICE/TURN Cross-Border Disclosure
Clinical Logic: NSW Psychiatry Telehealth Cross-Border Disclosure Scenario
TGA SaMD Classification: Documentation-Only vs. Clinical Decision Support
Technical Reference: ICD-10 Documentation Standards
Full APP Compliance Architecture: Capture Through Observability
OAIC NDB 30-Day Assessment: What Triggers It, How to Survive It
MBS 2715/2717 Mental Health Prompt Pack: Baking Compliance Into the Narrative
CPO Due Diligence Checklist: 14 Questions for Any AI Scribe Vendor
Book an APP 8 Architecture Verification
The APP 8 Leakage Path Competitors Miss: WebRTC ICE/TURN Cross-Border Disclosure During Audio Capture
When vendors claim their AI scribe is "hosted in Australia," they mean the large language model inference runs on GPU nodes in AWS ap-southeast-2 (Sydney) or an equivalent AU region. That claim addresses one layer of the data lifecycle — and only one. It ignores the capture phase, where raw clinical audio travels from the clinician's browser or device to the transcription pipeline. Scribing.io exists because this gap is not theoretical; it is the primary mechanism by which Australian health services unknowingly breach APP 8.
The Australian Privacy Principles under the Privacy Act 1988 (Cth) impose strict accountability for cross-border disclosure of personal information. APP 8.1 requires that before an APP entity discloses personal information to an overseas recipient, it must take reasonable steps to ensure the recipient does not breach the APPs — or rely on an exception in APP 8.2. The disclosing entity remains liable under s 16C for any downstream breach. For a Chief Privacy Officer, the question is not whether inference runs in Sydney. The question is whether every byte of patient audio — from microphone activation to storage — remains under Australian jurisdiction.
How WebRTC Media Negotiation Creates Undisclosed Cross-Border Transfers
WebRTC relies on Interactive Connectivity Establishment (ICE) to negotiate the optimal media path between a client and a server. ICE candidates, as defined in RFC 8445, are gathered in priority order:
Host candidates — direct LAN/device addresses.
Server-reflexive candidates — public-facing IP discovered via a STUN server.
Relay candidates — traffic proxied through a TURN server when direct connectivity fails.
In enterprise healthcare environments, direct peer-to-peer connections routinely fail. Hospital firewalls, symmetric NATs, VPN split-tunnelling, and deep packet inspection appliances block STUN-reflexive paths, forcing the browser to fall back to TURN relay candidates. Most WebRTC-based clinical scribes use anycast or geographically distributed TURN infrastructure managed by cloud providers (Twilio, Cloudflare, or self-hosted global pools). When the nearest TURN server by latency sits in ap-southeast-1 (Singapore), us-west-2 (Oregon), or another non-AU region, raw clinical audio is relayed through that foreign jurisdiction before it reaches an Australian transcription endpoint.
This is a cross-border disclosure of personal information under APP 8.1. The audio is not de-identified. It contains the patient's voice, clinical history, medication regimen, and mental-state examination findings. A 200ms audio fragment of a patient disclosing suicidal ideation, relayed through a Singapore TURN server, is a disclosure to an overseas entity that processes personal information — regardless of whether it is stored there.
Why Standard Vendor Assurances Fall Short
Vendor Claim | What Actually Happens | APP Implication |
|---|---|---|
"All data stored in Australia" | Storage is AU, but TURN relay may transit Singapore for 200–800 ms audio chunks during session establishment or network re-negotiation | APP 8 breach: personal information disclosed to overseas server, even transiently |
"End-to-end encrypted" | DTLS-SRTP encrypts the media channel, but the TURN server terminates and re-encrypts at each hop — it accesses plaintext audio at the relay | Encryption does not negate disclosure; the overseas entity processes the data |
"Compliant with Australian Privacy Principles" | No disclosure of TURN topology, ICE candidate filtering policy, or STUN/TURN server locations in privacy impact assessment | APP 1 (open and transparent management) and APP 5 (notification of collection) not satisfied for the capture pathway |
"SOC 2 Type II certified" | SOC 2 scope may exclude media-plane infrastructure; controls are tested for the inference API, not the WebRTC ingestion layer | Audit assurance gap; CPO cannot rely on report for full data-flow attestation |
The AMA's Digital Health Practice Guidelines emphasise that clinicians and health services bear primary responsibility for ensuring third-party technology does not compromise patient privacy. A SOC 2 report scoped to the inference layer does not discharge that responsibility when audio transits foreign servers during capture.
How Scribing.io Eliminates the WebRTC Leakage Path
Scribing.io enforces AU-only ICE candidate filtering with the following architecture:
STUN/TURN servers pinned exclusively to Australian IP ranges. Dedicated TURN infrastructure operates in Sydney (SYD1, SYD2) and Melbourne (MEL1) with no anycast routing to non-AU PoPs. The
iceServersconfiguration delivered to the client SDK contains only these AU endpoints.Strict ICE candidate filtering. The client SDK implements
iceCandidateFilterlogic that drops any server-reflexive or relay candidate whose resolved IP geolocation is outside Australia before it is added to the SDP offer. The browser never proposes a non-AU relay path.TURN credential signing via AU-resident KMS. Short-lived TURN credentials (HMAC-based, per RFC 8489) are signed by an AWS KMS key bound to
ap-southeast-2with a key policy that denieskms:Signfrom any principal outside the AU region.GPU node affinity with egress-deny. Inference workloads run on
ap-southeast-2GPU nodes with KubernetesnodeAffinityrules and VPC egress-deny network policies. No audio, tokens, model gradients, or telemetry route to endpoints outside Australia — including during horizontal autoscaling or A/B model routing.Observability locked to AU tenancy. Logging, metrics, and acoustic feature extraction are processed and stored in an AU-resident observability stack. No spectrograms, transcription fragments, or voice-activity-detection metadata are exported to any US or global SaaS telemetry tenant.
This architecture ensures no clinical data — audio, text, embeddings, gradients, or operational telemetry — exits Australian sovereign territory at any phase: capture, transit, inference, storage, or monitoring. The anchor truth: APP compliance for AI scribes hinges on local data residency and TGA classification, ensuring clinical data never leaves Australian sovereign territory during the inference phase — and, critically, during every phase that precedes and follows it.
For CPOs requiring independent verification, Scribing.io provides a Data Flow Attestation Report mapped to each APP, including network topology diagrams showing TURN server locations, VPC routing tables, and KMS key policies. For a comparison of how other jurisdictions handle similar data-residency requirements for AI scribes, see our analyses of California Laws and HIPAA 2026 patient consent requirements.
Clinical Logic: Handling a NSW Psychiatry Telehealth Cross-Border Disclosure Scenario
The Scenario
A NSW psychiatrist conducts a telehealth review for a patient diagnosed with generalised anxiety disorder (F41.1) and recurrent, moderate major depressive disorder (F33.1). The clinic uses a generic "AU-hosted" AI scribe. During the session, the patient's enterprise VPN and the clinic's symmetric NAT block direct WebRTC connectivity. The scribe's TURN infrastructure falls back to an anycast relay in Singapore. Concurrently, the scribe's observability pipeline exports acoustic features — energy levels, spectral centroids, voice-activity-detection metadata — to a US-based telemetry tenant for model quality monitoring.
Two months later, the patient exercises their right under APP 12 to request access logs showing where their data was processed. The clinic discovers the Singapore relay and US telemetry export. This triggers:
A 30-day assessment under s 26WH of the Privacy Act 1988 to determine whether the cross-border disclosure constitutes an eligible data breach under the OAIC Notifiable Data Breaches scheme.
Payer scrutiny from Services Australia regarding MBS telehealth billing compliance.
Operational paralysis: the clinic halts new patient intakes pending the NDB assessment, incurs reputational risk with referring GPs, and faces potential civil penalties of up to AUD $50 million per serious or repeated interference under the Privacy Legislation Amendment (Enforcement and Other Measures) Act 2022.
Step-by-Step: How Scribing.io Prevents Every Failure Mode
Phase | Risk with Generic Scribe | Scribing.io Control | APP Addressed |
|---|---|---|---|
1. Capture — WebRTC media relay | Anycast TURN routes audio via Singapore when P2P fails | AU-only TURN (SYD1/SYD2/MEL1) with strict ICE candidate filtering; non-AU candidates dropped pre-SDP | APP 8 (cross-border disclosure) |
2. Consent — in-session documentation | No in-session consent capture; clinic relies on paper forms signed months prior | In-note APP 5 consent banner with timestamped audio anchor — records the exact moment the clinician verbalises the consent notice and links it to the note | APP 5 (notification of collection) |
3. Inference — LLM processing | GPU workload may autoscale to non-AU regions during demand spikes |
| APP 8, APP 11 (security) |
4. Clinical cue — suicide risk assessment | No structured prompt for MBS 2715/2717 mental health plan requirements | Real-time prompt pack detects when suicidality screening, protective factors, risk level, and privacy disclosures are not verbalised; displays non-intrusive on-screen nudge | APP 1, MBS compliance |
5. Observability — telemetry and acoustic features | Acoustic features exported to US SaaS tenant for model monitoring | AU-resident observability stack; no spectral features, VAD metadata, or transcription fragments leave Australia | APP 8, APP 11 |
6. Audit response — APP 12 access request | Clinic scrambles to reconstruct data-flow logs across multiple vendor sub-processors | APP 1/11 audit pack generated in minutes: timestamped data-flow log, TURN session records showing AU-only relay IPs, GPU node placement, consent audio anchors | APP 1, APP 12 |
Granular Logic Breakdown: Phase by Phase
Phase 1 — Capture lockdown. When the psychiatrist opens the Scribing.io session, the client SDK requests ICE credentials from the AU-resident credential service. The iceServers array contains only SYD1, SYD2, and MEL1 TURN endpoints. The SDK's onicecandidate handler inspects each candidate's IP against an AU IP geolocation table. Any candidate resolving to a non-AU IP is discarded before SDP offer construction. The browser's connectivity check therefore only ever tests paths to Australian relay servers. Even if the clinic's firewall blocks all STUN-reflexive paths, the fallback TURN relay is guaranteed to be in Australia. Result: zero cross-border audio egress during capture.
Phase 2 — Consent anchoring. At session start, Scribing.io displays an in-note banner: "This consultation is being transcribed by an AI scribe. Audio is processed and stored in Australia. You may withdraw consent at any time." The system timestamps the banner display and links it to the corresponding audio segment. When the psychiatrist verbalises the consent notice (as recommended by the RACGP guidance on AI in general practice), the system anchors the verbal confirmation to the transcript with a cryptographic hash. This satisfies APP 5 notification requirements and creates an auditable consent artifact that withstands OAIC scrutiny.
Phase 3 — Sovereign inference. The transcribed audio is processed by LLM inference on GPU nodes in ap-southeast-2. Kubernetes nodeAffinity rules prevent scheduling on any node outside this region. VPC network policies enforce egress-deny to all non-AU IP ranges. During demand spikes, the horizontal pod autoscaler scales within the AU capacity pool only; if AU GPU capacity is exhausted, new sessions queue rather than spill to another region. This is the design choice that distinguishes sovereign inference from "AU-preferred" inference: Scribing.io accepts queuing over data leakage.
Phase 4 — Clinical cue for MBS completeness. The psychiatrist discusses medication adjustment and therapeutic progress. Midway through the consultation, the prompt pack detects that the structured suicide-risk assessment — required for MBS psychiatrist review items — has not been verbalised. A non-intrusive cue appears: "Consider verbalising: suicide risk assessment including risk/protective factors." The psychiatrist conducts the assessment. The transcript captures the structured risk evaluation, the protective factors identified, and the psychiatrist's risk-level determination. This documentation element is critical for MBS compliance and medicolegal defensibility, as noted in RANZCP clinical practice guidelines.
Phase 5 — Observability containment. After session completion, model quality metrics (word error rate, speaker diarisation accuracy, latency percentiles) are computed within the AU-resident observability stack. Acoustic features used for model retraining — spectrograms, energy contours, VAD flags — are stored in an encrypted S3 bucket in ap-southeast-2 with a bucket policy that denies s3:GetObject from any IAM principal outside the AU account. No telemetry export to Datadog US, Grafana Cloud US, or any non-AU SaaS tenant occurs.
Phase 6 — Audit pack generation. If the patient exercises APP 12 rights, the clinic generates an APP 1/11 audit pack from Scribing.io's compliance dashboard. This pack includes: TURN session logs showing the relay server IP (e.g., 13.236.x.x — Sydney), GPU node placement records (instance ID, availability zone ap-southeast-2a), the consent audio anchor with timestamp and hash, the completed note with ICD-10 codes and MBS item mapping, and a data-flow diagram showing the entire path from microphone to storage. The clinic produces this in minutes, not weeks. No NDB assessment is triggered because no cross-border disclosure occurred.
TGA SaMD Classification: Documentation-Only vs. Clinical Decision Support
The Therapeutic Goods Administration classifies software as a medical device (SaMD) under the Therapeutic Goods (Medical Devices) Regulations 2002 when the software is intended to be used for a therapeutic purpose — including diagnosis, prevention, monitoring, prediction, prognosis, treatment, or alleviation of disease. The critical classification boundary for AI clinical scribes is whether the software informs clinical management or merely documents clinical decisions already made by the clinician.
Scribing.io's Classification Position
Scribing.io is a documentation-only tool. It transcribes clinical encounters, structures the transcript into a clinical note, suggests ICD-10 codes for clinician review, and prompts for documentation completeness. It does not:
Recommend diagnoses the clinician has not already verbalised.
Suggest treatment changes, medication adjustments, or referral pathways.
Generate risk scores that alter patient management (e.g., cardiovascular risk calculators, sepsis prediction).
Trigger automated clinical pathways or order sets.
Under the TGA's SaMD guidance, documentation-only software that does not inform clinical management falls outside the definition of a medical device. Scribing.io maintains this position through:
ISO 14971 risk management files that define the intended use boundary and document the risk analysis for boundary-adjacent features (e.g., ICD-10 code suggestion, documentation completeness cues).
A ready ARTG (Australian Register of Therapeutic Goods) dossier should any feature cross into Class IIa clinical decision support — for example, if a future feature were to generate a risk score that directly informs triage. The dossier is maintained proactively, not reactively.
Quarterly boundary reviews where product, clinical, and regulatory teams assess whether new features approach the CDS threshold.
This proactive stance matters because the TGA has signalled increased scrutiny of AI-based clinical tools. A CPO evaluating AI scribe vendors should ask: Does your vendor have an ISO 14971 risk file for their clinical AI, and can they produce a TGA classification rationale on demand? If the answer is no, the vendor is not taking regulatory classification seriously — and the health service inherits the regulatory risk.
Technical Reference: ICD-10 Documentation Standards
Accurate ICD-10 coding for mental health encounters is essential for MBS billing integrity, clinical audit defensibility, and continuity of care. The NSW psychiatry scenario above involves two primary diagnoses:
F41.1 Generalized anxiety disorder; F33.1 Major depressive disorder
Recurrence specifier: recurrent
Severity specifier: moderate
How Scribing.io Ensures Maximum Specificity
ICD-10-AM (Australian Modification) requires coding to the highest level of specificity supported by the clinical documentation. A common failure mode: clinicians document "depression" without specifying recurrence or severity, resulting in an unspecified code (F32.9 or F33.9) that may trigger payer audits, reduce casemix weighting in activity-based funding, or fail to capture the clinical complexity required for MBS mental health item justification.
Scribing.io addresses this through a three-stage coding pipeline:
Transcript extraction. The NLP layer identifies diagnostic entities in the clinician's verbalised assessment: "recurrent depressive disorder, currently moderate severity" maps to the F33.1 code axis. The system detects both the recurrence qualifier and the severity qualifier as distinct coding elements.
Specificity gap detection. If the clinician says "depression" without specifying recurrence or severity, the system flags the gap. A non-intrusive cue prompts: "Consider specifying: episode type (single/recurrent) and current severity." This ensures the clinician's verbal record contains the detail needed for maximum-specificity coding.
Clinician review and confirmation. Suggested codes are presented in the draft note with supporting transcript excerpts. The clinician confirms, modifies, or rejects each code. No code is finalised without clinician attestation. This preserves the documentation-only classification boundary — the system suggests based on what the clinician said, not what the system thinks the diagnosis should be.
Research published in JAMA Health Forum demonstrates that AI-assisted coding with clinician review reduces unspecified-code usage by 35–45% in mental health documentation. For the NSW psychiatry scenario, this means the note captures F41.1 and F33.1 with recurrent and moderate specifiers — supporting MBS billing, clinical audit, and the patient's continuity of care with their referring GP.
Full APP Compliance Architecture: Capture Through Observability
The following table maps each relevant Australian Privacy Principle to the specific Scribing.io control that addresses it across the full data lifecycle:
APP | Obligation | Scribing.io Control | Evidence Artifact |
|---|---|---|---|
APP 1 — Open and transparent management | Maintain a clearly expressed and up-to-date APP privacy policy; take reasonable steps to implement practices ensuring compliance | Published data-flow architecture; Data Flow Attestation Report per deployment; quarterly PIA reviews | Attestation report with TURN topology, VPC routing tables, KMS key policies |
APP 3 — Collection of solicited personal information | Collect only information reasonably necessary for functions | Audio retained only for session duration + clinician-configurable retention window (default 30 days); no indefinite audio archival; acoustic features retained only for model quality, not re-identification | Retention policy configuration logs |
APP 5 — Notification of collection | Notify individual of collection, purpose, and disclosure at or before collection | In-note consent banner with timestamped audio anchor; verbal consent detection and transcript linking | Consent audio anchor with cryptographic hash |
APP 6 — Use or disclosure | Use or disclose only for the primary purpose of collection or a directly related secondary purpose the individual would reasonably expect | Audio used only for transcription and note generation; acoustic features used only for model quality within AU; no secondary use without explicit consent | Data processing inventory mapped to purpose limitation |
APP 8 — Cross-border disclosure | Take reasonable steps to ensure overseas recipient does not breach APPs; remain accountable under s 16C | No cross-border disclosure occurs: AU-only TURN, AU-only inference, AU-only observability; no overseas recipient exists in the data flow | TURN session logs with AU-only relay IPs; GPU node placement records; VPC egress-deny policy |
APP 11 — Security of personal information | Take reasonable steps to protect from misuse, interference, loss, unauthorised access, modification, or disclosure | DTLS-SRTP media encryption; AES-256 at-rest encryption; AU-resident KMS; VPC egress-deny; SOC 2 Type II scoped to full data lifecycle including media plane | SOC 2 report with media-plane scope confirmation; penetration test reports |
APP 12 — Access to personal information | Give individual access to their personal information on request | APP 1/11 audit pack generation: timestamped data-flow log, TURN records, consent anchors, completed note, ICD-10 codes | Downloadable audit pack from compliance dashboard |
OAIC NDB 30-Day Assessment: What Triggers It, How to Survive It
Under Part IIIC of the Privacy Act 1988, an entity that suspects an eligible data breach has occurred must conduct a reasonable and expeditious assessment within 30 days (s 26WH). A cross-border audio relay — even transient — involving health information meets the threshold for a suspected eligible data breach because:
Health information is a category of sensitive information under s 6 of the Act.
Unauthorised disclosure of sensitive information to an overseas entity is likely to result in serious harm to the individual (the default position for health data under the OAIC's NDB assessment guide).
The entity cannot demonstrate that "reasonable steps" were taken to prevent the disclosure — because the TURN relay was not identified in the vendor's privacy impact assessment.
During the 30-day assessment, the clinic must determine: (a) whether the disclosure occurred, (b) whether it is likely to result in serious harm, and (c) whether remedial action has reduced the risk below the serious-harm threshold. For a clinic using a generic scribe with no TURN session logs, reconstructing (a) is itself a multi-week forensic exercise involving the vendor, the cloud provider, and potentially the OAIC.
With Scribing.io, this scenario does not arise. But if a CPO needs to demonstrate preparedness to a board or regulator, Scribing.io's compliance dashboard includes a simulated NDB assessment workflow: it generates the evidence pack that would be required if a breach were suspected, proving that all data paths remained within Australia. This simulation capability is part of the APP 8 Architecture Verification session described below.
MBS 2715/2717 Mental Health Prompt Pack: Baking Compliance Into the Narrative
Medicare Benefits Schedule items 2715 (GP Mental Health Treatment Plan) and 2717 (psychiatrist review) require specific clinical elements: a biopsychosocial assessment, suicide risk evaluation with protective factors, and patient consent for information sharing with the referring practitioner. Research indexed in PubMed indicates that clinicians omit at least one required MBS documentation element in approximately 20–30% of mental health consultations when working without structured prompts.
Scribing.io's real-time prompt pack for MBS mental health items monitors the consultation transcript as it unfolds. When the system detects that a required element has not been verbalised, it displays a non-intrusive on-screen nudge:
"Consider verbalising: suicide risk assessment including risk and protective factors."
"Consider verbalising: patient consent for information sharing with referring GP."
"Consider verbalising: biopsychosocial formulation including social and occupational functioning."
These cues do not constitute clinical decision support that alters patient management. They are documentation completeness cues — ensuring the clinician's existing clinical reasoning is fully captured in the record. This distinction is critical for maintaining the TGA documentation-only classification and for ensuring clinician autonomy is preserved, consistent with the AMA's position statement on AI in healthcare.
The prompt pack also embeds APP compliance into the clinical workflow. By cueing the psychiatrist to verbalise the privacy disclosure ("I will share a summary of today's review with your GP — are you comfortable with that?"), the system ensures that APP 5 notification and APP 6 use-and-disclosure requirements are met through the natural flow of the consultation, not through a separate administrative process. The consent is captured in the transcript, timestamped, and linked to the note — creating an audit trail that satisfies both MBS and APP requirements simultaneously.
CPO Due Diligence Checklist: 14 Questions for Any AI Scribe Vendor
Before deploying any AI clinical scribe, a Chief Privacy Officer should require written responses to these questions. If the vendor cannot answer with technical specificity — citing server locations, credential policies, and network controls rather than generic assurances — the product has not been designed with APP compliance as an architectural constraint.
Where are your STUN and TURN servers located? Provide the full list of IP ranges and data centre locations.
What ICE candidate filtering policy is applied? Can the client ever propose a non-AU relay candidate?
How are TURN credentials generated and signed? Which KMS region holds the signing key?
During GPU autoscaling, can inference workloads be scheduled on nodes outside
ap-southeast-2?What VPC egress policies prevent data from routing to non-AU endpoints?
Where does your observability/telemetry data reside? Do acoustic features, spectrograms, or VAD metadata ever leave Australia?
Is your SOC 2 Type II scope inclusive of the WebRTC media plane, or is it limited to the inference API?
Do you maintain an ISO 14971 risk management file for your clinical AI?
What is your TGA SaMD classification rationale? Can you produce it on demand?
How do you capture and timestamp patient consent for AI-assisted documentation within the session?
Can you generate a complete data-flow audit log for a single patient session, showing every server that processed their data?
What is your retention policy for raw audio? Can the clinic configure it?
How do you handle APP 12 access requests? What is the turnaround time for producing a complete evidence pack?
Do you have a process for assessing whether new features cross the TGA CDS classification threshold?
Scribing.io provides documented, technically verified answers to every one of these questions as part of our standard onboarding process — not as an enterprise add-on gated behind a separate procurement cycle.
Book an APP 8 Architecture Verification
Assertions are insufficient. Proof is required. Book a 20-minute APP 8 Architecture Verification with the Scribing.io clinical infrastructure team. During this session, you will receive:
Live packet trace proving AU-only WebRTC media relay — you will see the ICE candidate filtering in action, with every TURN relay IP resolving to Australian data centres.
OAIC NDB 30-day assessment simulation — we generate the complete evidence pack your clinic would need if a data breach were suspected, demonstrating that all processing remained within Australian sovereign territory.
TGA SaMD classification briefing tailored to your deployment — our regulatory team walks through the ISO 14971 risk file, the documentation-only classification rationale, and the ARTG readiness dossier.
This is not a sales demonstration. It is a technical verification session designed for CPOs, CISOs, and clinical governance leads who need evidence, not assurances. Request your session at Scribing.io.



