Posted on

Jun 16, 2026

Australian Privacy Principles (APP) Guide for Practice Managers: 2026 Compliance Essentials

Australian medical practice reception desk with digital privacy and data protection concept representing APP compliance for practice managers
Australian medical practice reception desk with digital privacy and data protection concept representing APP compliance for practice managers

Clinical Update — June 2026: This guide has been revised to incorporate the OAIC's updated Guide to Securing Personal Information (March 2026), the TGA's final guidance on Software as a Medical Device (SaMD) classification boundaries for documentation-only clinical AI (February 2026), and amendments to the Privacy Act 1988 enacted under the Privacy and Other Legislation Amendment Bill 2025 effective 1 January 2026, which expanded civil penalty provisions to AUD $50 million per serious or repeated interference. WebRTC ICE candidate filtering specifications have been updated against RFC 8445bis errata. MBS item references reflect the January 2026 Medicare Benefits Schedule revision.

Australian Privacy Principles (APP) Guide for AI Clinical Scribes: Data Residency, TGA Classification & Sovereign Inference

TL;DR — What Every Chief Privacy Officer Needs to Know

Most "AU-hosted" AI scribes satisfy APP 8 at the inference layer but leak clinical audio during capture via anycast WebRTC TURN relays that route through Singapore or US data centres when enterprise firewalls block peer-to-peer connections. This guide details the overlooked APP 8 leakage path (WebRTC ICE/TURN media negotiation), explains TGA classification for documentation-only SaMD, and shows how Scribing.io enforces full Australian sovereign data residency across capture, inference, storage, and observability — with zero cross-border audio, token, gradient, or telemetry egress. It also includes ICD-10 coding standards for F41.1 Generalized anxiety disorder; F33.1 Major depressive disorder and a real-world clinical scenario for NSW psychiatry telehealth.

Table of Contents

  • The APP 8 Leakage Path Competitors Miss: WebRTC ICE/TURN Cross-Border Disclosure

  • Clinical Logic: NSW Psychiatry Telehealth Cross-Border Disclosure Scenario

  • TGA SaMD Classification: Documentation-Only vs. Clinical Decision Support

  • Technical Reference: ICD-10 Documentation Standards

  • Full APP Compliance Architecture: Capture Through Observability

  • OAIC NDB 30-Day Assessment: What Triggers It, How to Survive It

  • MBS 2715/2717 Mental Health Prompt Pack: Baking Compliance Into the Narrative

  • CPO Due Diligence Checklist: 14 Questions for Any AI Scribe Vendor

  • Book an APP 8 Architecture Verification

The APP 8 Leakage Path Competitors Miss: WebRTC ICE/TURN Cross-Border Disclosure During Audio Capture

When vendors claim their AI scribe is "hosted in Australia," they mean the large language model inference runs on GPU nodes in AWS ap-southeast-2 (Sydney) or an equivalent AU region. That claim addresses one layer of the data lifecycle — and only one. It ignores the capture phase, where raw clinical audio travels from the clinician's browser or device to the transcription pipeline. Scribing.io exists because this gap is not theoretical; it is the primary mechanism by which Australian health services unknowingly breach APP 8.

The Australian Privacy Principles under the Privacy Act 1988 (Cth) impose strict accountability for cross-border disclosure of personal information. APP 8.1 requires that before an APP entity discloses personal information to an overseas recipient, it must take reasonable steps to ensure the recipient does not breach the APPs — or rely on an exception in APP 8.2. The disclosing entity remains liable under s 16C for any downstream breach. For a Chief Privacy Officer, the question is not whether inference runs in Sydney. The question is whether every byte of patient audio — from microphone activation to storage — remains under Australian jurisdiction.

How WebRTC Media Negotiation Creates Undisclosed Cross-Border Transfers

WebRTC relies on Interactive Connectivity Establishment (ICE) to negotiate the optimal media path between a client and a server. ICE candidates, as defined in RFC 8445, are gathered in priority order:

  1. Host candidates — direct LAN/device addresses.

  2. Server-reflexive candidates — public-facing IP discovered via a STUN server.

  3. Relay candidates — traffic proxied through a TURN server when direct connectivity fails.

In enterprise healthcare environments, direct peer-to-peer connections routinely fail. Hospital firewalls, symmetric NATs, VPN split-tunnelling, and deep packet inspection appliances block STUN-reflexive paths, forcing the browser to fall back to TURN relay candidates. Most WebRTC-based clinical scribes use anycast or geographically distributed TURN infrastructure managed by cloud providers (Twilio, Cloudflare, or self-hosted global pools). When the nearest TURN server by latency sits in ap-southeast-1 (Singapore), us-west-2 (Oregon), or another non-AU region, raw clinical audio is relayed through that foreign jurisdiction before it reaches an Australian transcription endpoint.

This is a cross-border disclosure of personal information under APP 8.1. The audio is not de-identified. It contains the patient's voice, clinical history, medication regimen, and mental-state examination findings. A 200ms audio fragment of a patient disclosing suicidal ideation, relayed through a Singapore TURN server, is a disclosure to an overseas entity that processes personal information — regardless of whether it is stored there.

Why Standard Vendor Assurances Fall Short

Vendor Claim

What Actually Happens

APP Implication

"All data stored in Australia"

Storage is AU, but TURN relay may transit Singapore for 200–800 ms audio chunks during session establishment or network re-negotiation

APP 8 breach: personal information disclosed to overseas server, even transiently

"End-to-end encrypted"

DTLS-SRTP encrypts the media channel, but the TURN server terminates and re-encrypts at each hop — it accesses plaintext audio at the relay

Encryption does not negate disclosure; the overseas entity processes the data

"Compliant with Australian Privacy Principles"

No disclosure of TURN topology, ICE candidate filtering policy, or STUN/TURN server locations in privacy impact assessment

APP 1 (open and transparent management) and APP 5 (notification of collection) not satisfied for the capture pathway

"SOC 2 Type II certified"

SOC 2 scope may exclude media-plane infrastructure; controls are tested for the inference API, not the WebRTC ingestion layer

Audit assurance gap; CPO cannot rely on report for full data-flow attestation

The AMA's Digital Health Practice Guidelines emphasise that clinicians and health services bear primary responsibility for ensuring third-party technology does not compromise patient privacy. A SOC 2 report scoped to the inference layer does not discharge that responsibility when audio transits foreign servers during capture.

How Scribing.io Eliminates the WebRTC Leakage Path

Scribing.io enforces AU-only ICE candidate filtering with the following architecture:

  • STUN/TURN servers pinned exclusively to Australian IP ranges. Dedicated TURN infrastructure operates in Sydney (SYD1, SYD2) and Melbourne (MEL1) with no anycast routing to non-AU PoPs. The iceServers configuration delivered to the client SDK contains only these AU endpoints.

  • Strict ICE candidate filtering. The client SDK implements iceCandidateFilter logic that drops any server-reflexive or relay candidate whose resolved IP geolocation is outside Australia before it is added to the SDP offer. The browser never proposes a non-AU relay path.

  • TURN credential signing via AU-resident KMS. Short-lived TURN credentials (HMAC-based, per RFC 8489) are signed by an AWS KMS key bound to ap-southeast-2 with a key policy that denies kms:Sign from any principal outside the AU region.

  • GPU node affinity with egress-deny. Inference workloads run on ap-southeast-2 GPU nodes with Kubernetes nodeAffinity rules and VPC egress-deny network policies. No audio, tokens, model gradients, or telemetry route to endpoints outside Australia — including during horizontal autoscaling or A/B model routing.

  • Observability locked to AU tenancy. Logging, metrics, and acoustic feature extraction are processed and stored in an AU-resident observability stack. No spectrograms, transcription fragments, or voice-activity-detection metadata are exported to any US or global SaaS telemetry tenant.

This architecture ensures no clinical data — audio, text, embeddings, gradients, or operational telemetry — exits Australian sovereign territory at any phase: capture, transit, inference, storage, or monitoring. The anchor truth: APP compliance for AI scribes hinges on local data residency and TGA classification, ensuring clinical data never leaves Australian sovereign territory during the inference phase — and, critically, during every phase that precedes and follows it.

For CPOs requiring independent verification, Scribing.io provides a Data Flow Attestation Report mapped to each APP, including network topology diagrams showing TURN server locations, VPC routing tables, and KMS key policies. For a comparison of how other jurisdictions handle similar data-residency requirements for AI scribes, see our analyses of California Laws and HIPAA 2026 patient consent requirements.

Clinical Logic: Handling a NSW Psychiatry Telehealth Cross-Border Disclosure Scenario

The Scenario

A NSW psychiatrist conducts a telehealth review for a patient diagnosed with generalised anxiety disorder (F41.1) and recurrent, moderate major depressive disorder (F33.1). The clinic uses a generic "AU-hosted" AI scribe. During the session, the patient's enterprise VPN and the clinic's symmetric NAT block direct WebRTC connectivity. The scribe's TURN infrastructure falls back to an anycast relay in Singapore. Concurrently, the scribe's observability pipeline exports acoustic features — energy levels, spectral centroids, voice-activity-detection metadata — to a US-based telemetry tenant for model quality monitoring.

Two months later, the patient exercises their right under APP 12 to request access logs showing where their data was processed. The clinic discovers the Singapore relay and US telemetry export. This triggers:

  • A 30-day assessment under s 26WH of the Privacy Act 1988 to determine whether the cross-border disclosure constitutes an eligible data breach under the OAIC Notifiable Data Breaches scheme.

  • Payer scrutiny from Services Australia regarding MBS telehealth billing compliance.

  • Operational paralysis: the clinic halts new patient intakes pending the NDB assessment, incurs reputational risk with referring GPs, and faces potential civil penalties of up to AUD $50 million per serious or repeated interference under the Privacy Legislation Amendment (Enforcement and Other Measures) Act 2022.

Step-by-Step: How Scribing.io Prevents Every Failure Mode

Phase

Risk with Generic Scribe

Scribing.io Control

APP Addressed

1. Capture — WebRTC media relay

Anycast TURN routes audio via Singapore when P2P fails

AU-only TURN (SYD1/SYD2/MEL1) with strict ICE candidate filtering; non-AU candidates dropped pre-SDP

APP 8 (cross-border disclosure)

2. Consent — in-session documentation

No in-session consent capture; clinic relies on paper forms signed months prior

In-note APP 5 consent banner with timestamped audio anchor — records the exact moment the clinician verbalises the consent notice and links it to the note

APP 5 (notification of collection)

3. Inference — LLM processing

GPU workload may autoscale to non-AU regions during demand spikes

ap-southeast-2 GPU node affinity with Kubernetes nodeAffinity + VPC egress-deny; autoscaler constrained to AU capacity pool

APP 8, APP 11 (security)

4. Clinical cue — suicide risk assessment

No structured prompt for MBS 2715/2717 mental health plan requirements

Real-time prompt pack detects when suicidality screening, protective factors, risk level, and privacy disclosures are not verbalised; displays non-intrusive on-screen nudge

APP 1, MBS compliance

5. Observability — telemetry and acoustic features

Acoustic features exported to US SaaS tenant for model monitoring

AU-resident observability stack; no spectral features, VAD metadata, or transcription fragments leave Australia

APP 8, APP 11

6. Audit response — APP 12 access request

Clinic scrambles to reconstruct data-flow logs across multiple vendor sub-processors

APP 1/11 audit pack generated in minutes: timestamped data-flow log, TURN session records showing AU-only relay IPs, GPU node placement, consent audio anchors

APP 1, APP 12

Granular Logic Breakdown: Phase by Phase

Phase 1 — Capture lockdown. When the psychiatrist opens the Scribing.io session, the client SDK requests ICE credentials from the AU-resident credential service. The iceServers array contains only SYD1, SYD2, and MEL1 TURN endpoints. The SDK's onicecandidate handler inspects each candidate's IP against an AU IP geolocation table. Any candidate resolving to a non-AU IP is discarded before SDP offer construction. The browser's connectivity check therefore only ever tests paths to Australian relay servers. Even if the clinic's firewall blocks all STUN-reflexive paths, the fallback TURN relay is guaranteed to be in Australia. Result: zero cross-border audio egress during capture.

Phase 2 — Consent anchoring. At session start, Scribing.io displays an in-note banner: "This consultation is being transcribed by an AI scribe. Audio is processed and stored in Australia. You may withdraw consent at any time." The system timestamps the banner display and links it to the corresponding audio segment. When the psychiatrist verbalises the consent notice (as recommended by the RACGP guidance on AI in general practice), the system anchors the verbal confirmation to the transcript with a cryptographic hash. This satisfies APP 5 notification requirements and creates an auditable consent artifact that withstands OAIC scrutiny.

Phase 3 — Sovereign inference. The transcribed audio is processed by LLM inference on GPU nodes in ap-southeast-2. Kubernetes nodeAffinity rules prevent scheduling on any node outside this region. VPC network policies enforce egress-deny to all non-AU IP ranges. During demand spikes, the horizontal pod autoscaler scales within the AU capacity pool only; if AU GPU capacity is exhausted, new sessions queue rather than spill to another region. This is the design choice that distinguishes sovereign inference from "AU-preferred" inference: Scribing.io accepts queuing over data leakage.

Phase 4 — Clinical cue for MBS completeness. The psychiatrist discusses medication adjustment and therapeutic progress. Midway through the consultation, the prompt pack detects that the structured suicide-risk assessment — required for MBS psychiatrist review items — has not been verbalised. A non-intrusive cue appears: "Consider verbalising: suicide risk assessment including risk/protective factors." The psychiatrist conducts the assessment. The transcript captures the structured risk evaluation, the protective factors identified, and the psychiatrist's risk-level determination. This documentation element is critical for MBS compliance and medicolegal defensibility, as noted in RANZCP clinical practice guidelines.

Phase 5 — Observability containment. After session completion, model quality metrics (word error rate, speaker diarisation accuracy, latency percentiles) are computed within the AU-resident observability stack. Acoustic features used for model retraining — spectrograms, energy contours, VAD flags — are stored in an encrypted S3 bucket in ap-southeast-2 with a bucket policy that denies s3:GetObject from any IAM principal outside the AU account. No telemetry export to Datadog US, Grafana Cloud US, or any non-AU SaaS tenant occurs.

Phase 6 — Audit pack generation. If the patient exercises APP 12 rights, the clinic generates an APP 1/11 audit pack from Scribing.io's compliance dashboard. This pack includes: TURN session logs showing the relay server IP (e.g., 13.236.x.x — Sydney), GPU node placement records (instance ID, availability zone ap-southeast-2a), the consent audio anchor with timestamp and hash, the completed note with ICD-10 codes and MBS item mapping, and a data-flow diagram showing the entire path from microphone to storage. The clinic produces this in minutes, not weeks. No NDB assessment is triggered because no cross-border disclosure occurred.

TGA SaMD Classification: Documentation-Only vs. Clinical Decision Support

The Therapeutic Goods Administration classifies software as a medical device (SaMD) under the Therapeutic Goods (Medical Devices) Regulations 2002 when the software is intended to be used for a therapeutic purpose — including diagnosis, prevention, monitoring, prediction, prognosis, treatment, or alleviation of disease. The critical classification boundary for AI clinical scribes is whether the software informs clinical management or merely documents clinical decisions already made by the clinician.

Scribing.io's Classification Position

Scribing.io is a documentation-only tool. It transcribes clinical encounters, structures the transcript into a clinical note, suggests ICD-10 codes for clinician review, and prompts for documentation completeness. It does not:

  • Recommend diagnoses the clinician has not already verbalised.

  • Suggest treatment changes, medication adjustments, or referral pathways.

  • Generate risk scores that alter patient management (e.g., cardiovascular risk calculators, sepsis prediction).

  • Trigger automated clinical pathways or order sets.

Under the TGA's SaMD guidance, documentation-only software that does not inform clinical management falls outside the definition of a medical device. Scribing.io maintains this position through:

  • ISO 14971 risk management files that define the intended use boundary and document the risk analysis for boundary-adjacent features (e.g., ICD-10 code suggestion, documentation completeness cues).

  • A ready ARTG (Australian Register of Therapeutic Goods) dossier should any feature cross into Class IIa clinical decision support — for example, if a future feature were to generate a risk score that directly informs triage. The dossier is maintained proactively, not reactively.

  • Quarterly boundary reviews where product, clinical, and regulatory teams assess whether new features approach the CDS threshold.

This proactive stance matters because the TGA has signalled increased scrutiny of AI-based clinical tools. A CPO evaluating AI scribe vendors should ask: Does your vendor have an ISO 14971 risk file for their clinical AI, and can they produce a TGA classification rationale on demand? If the answer is no, the vendor is not taking regulatory classification seriously — and the health service inherits the regulatory risk.

Technical Reference: ICD-10 Documentation Standards

Accurate ICD-10 coding for mental health encounters is essential for MBS billing integrity, clinical audit defensibility, and continuity of care. The NSW psychiatry scenario above involves two primary diagnoses:

How Scribing.io Ensures Maximum Specificity

ICD-10-AM (Australian Modification) requires coding to the highest level of specificity supported by the clinical documentation. A common failure mode: clinicians document "depression" without specifying recurrence or severity, resulting in an unspecified code (F32.9 or F33.9) that may trigger payer audits, reduce casemix weighting in activity-based funding, or fail to capture the clinical complexity required for MBS mental health item justification.

Scribing.io addresses this through a three-stage coding pipeline:

  1. Transcript extraction. The NLP layer identifies diagnostic entities in the clinician's verbalised assessment: "recurrent depressive disorder, currently moderate severity" maps to the F33.1 code axis. The system detects both the recurrence qualifier and the severity qualifier as distinct coding elements.

  2. Specificity gap detection. If the clinician says "depression" without specifying recurrence or severity, the system flags the gap. A non-intrusive cue prompts: "Consider specifying: episode type (single/recurrent) and current severity." This ensures the clinician's verbal record contains the detail needed for maximum-specificity coding.

  3. Clinician review and confirmation. Suggested codes are presented in the draft note with supporting transcript excerpts. The clinician confirms, modifies, or rejects each code. No code is finalised without clinician attestation. This preserves the documentation-only classification boundary — the system suggests based on what the clinician said, not what the system thinks the diagnosis should be.

Research published in JAMA Health Forum demonstrates that AI-assisted coding with clinician review reduces unspecified-code usage by 35–45% in mental health documentation. For the NSW psychiatry scenario, this means the note captures F41.1 and F33.1 with recurrent and moderate specifiers — supporting MBS billing, clinical audit, and the patient's continuity of care with their referring GP.

Full APP Compliance Architecture: Capture Through Observability

The following table maps each relevant Australian Privacy Principle to the specific Scribing.io control that addresses it across the full data lifecycle:

APP

Obligation

Scribing.io Control

Evidence Artifact

APP 1 — Open and transparent management

Maintain a clearly expressed and up-to-date APP privacy policy; take reasonable steps to implement practices ensuring compliance

Published data-flow architecture; Data Flow Attestation Report per deployment; quarterly PIA reviews

Attestation report with TURN topology, VPC routing tables, KMS key policies

APP 3 — Collection of solicited personal information

Collect only information reasonably necessary for functions

Audio retained only for session duration + clinician-configurable retention window (default 30 days); no indefinite audio archival; acoustic features retained only for model quality, not re-identification

Retention policy configuration logs

APP 5 — Notification of collection

Notify individual of collection, purpose, and disclosure at or before collection

In-note consent banner with timestamped audio anchor; verbal consent detection and transcript linking

Consent audio anchor with cryptographic hash

APP 6 — Use or disclosure

Use or disclose only for the primary purpose of collection or a directly related secondary purpose the individual would reasonably expect

Audio used only for transcription and note generation; acoustic features used only for model quality within AU; no secondary use without explicit consent

Data processing inventory mapped to purpose limitation

APP 8 — Cross-border disclosure

Take reasonable steps to ensure overseas recipient does not breach APPs; remain accountable under s 16C

No cross-border disclosure occurs: AU-only TURN, AU-only inference, AU-only observability; no overseas recipient exists in the data flow

TURN session logs with AU-only relay IPs; GPU node placement records; VPC egress-deny policy

APP 11 — Security of personal information

Take reasonable steps to protect from misuse, interference, loss, unauthorised access, modification, or disclosure

DTLS-SRTP media encryption; AES-256 at-rest encryption; AU-resident KMS; VPC egress-deny; SOC 2 Type II scoped to full data lifecycle including media plane

SOC 2 report with media-plane scope confirmation; penetration test reports

APP 12 — Access to personal information

Give individual access to their personal information on request

APP 1/11 audit pack generation: timestamped data-flow log, TURN records, consent anchors, completed note, ICD-10 codes

Downloadable audit pack from compliance dashboard

OAIC NDB 30-Day Assessment: What Triggers It, How to Survive It

Under Part IIIC of the Privacy Act 1988, an entity that suspects an eligible data breach has occurred must conduct a reasonable and expeditious assessment within 30 days (s 26WH). A cross-border audio relay — even transient — involving health information meets the threshold for a suspected eligible data breach because:

  • Health information is a category of sensitive information under s 6 of the Act.

  • Unauthorised disclosure of sensitive information to an overseas entity is likely to result in serious harm to the individual (the default position for health data under the OAIC's NDB assessment guide).

  • The entity cannot demonstrate that "reasonable steps" were taken to prevent the disclosure — because the TURN relay was not identified in the vendor's privacy impact assessment.

During the 30-day assessment, the clinic must determine: (a) whether the disclosure occurred, (b) whether it is likely to result in serious harm, and (c) whether remedial action has reduced the risk below the serious-harm threshold. For a clinic using a generic scribe with no TURN session logs, reconstructing (a) is itself a multi-week forensic exercise involving the vendor, the cloud provider, and potentially the OAIC.

With Scribing.io, this scenario does not arise. But if a CPO needs to demonstrate preparedness to a board or regulator, Scribing.io's compliance dashboard includes a simulated NDB assessment workflow: it generates the evidence pack that would be required if a breach were suspected, proving that all data paths remained within Australia. This simulation capability is part of the APP 8 Architecture Verification session described below.

MBS 2715/2717 Mental Health Prompt Pack: Baking Compliance Into the Narrative

Medicare Benefits Schedule items 2715 (GP Mental Health Treatment Plan) and 2717 (psychiatrist review) require specific clinical elements: a biopsychosocial assessment, suicide risk evaluation with protective factors, and patient consent for information sharing with the referring practitioner. Research indexed in PubMed indicates that clinicians omit at least one required MBS documentation element in approximately 20–30% of mental health consultations when working without structured prompts.

Scribing.io's real-time prompt pack for MBS mental health items monitors the consultation transcript as it unfolds. When the system detects that a required element has not been verbalised, it displays a non-intrusive on-screen nudge:

  • "Consider verbalising: suicide risk assessment including risk and protective factors."

  • "Consider verbalising: patient consent for information sharing with referring GP."

  • "Consider verbalising: biopsychosocial formulation including social and occupational functioning."

These cues do not constitute clinical decision support that alters patient management. They are documentation completeness cues — ensuring the clinician's existing clinical reasoning is fully captured in the record. This distinction is critical for maintaining the TGA documentation-only classification and for ensuring clinician autonomy is preserved, consistent with the AMA's position statement on AI in healthcare.

The prompt pack also embeds APP compliance into the clinical workflow. By cueing the psychiatrist to verbalise the privacy disclosure ("I will share a summary of today's review with your GP — are you comfortable with that?"), the system ensures that APP 5 notification and APP 6 use-and-disclosure requirements are met through the natural flow of the consultation, not through a separate administrative process. The consent is captured in the transcript, timestamped, and linked to the note — creating an audit trail that satisfies both MBS and APP requirements simultaneously.

CPO Due Diligence Checklist: 14 Questions for Any AI Scribe Vendor

Before deploying any AI clinical scribe, a Chief Privacy Officer should require written responses to these questions. If the vendor cannot answer with technical specificity — citing server locations, credential policies, and network controls rather than generic assurances — the product has not been designed with APP compliance as an architectural constraint.

  1. Where are your STUN and TURN servers located? Provide the full list of IP ranges and data centre locations.

  2. What ICE candidate filtering policy is applied? Can the client ever propose a non-AU relay candidate?

  3. How are TURN credentials generated and signed? Which KMS region holds the signing key?

  4. During GPU autoscaling, can inference workloads be scheduled on nodes outside ap-southeast-2?

  5. What VPC egress policies prevent data from routing to non-AU endpoints?

  6. Where does your observability/telemetry data reside? Do acoustic features, spectrograms, or VAD metadata ever leave Australia?

  7. Is your SOC 2 Type II scope inclusive of the WebRTC media plane, or is it limited to the inference API?

  8. Do you maintain an ISO 14971 risk management file for your clinical AI?

  9. What is your TGA SaMD classification rationale? Can you produce it on demand?

  10. How do you capture and timestamp patient consent for AI-assisted documentation within the session?

  11. Can you generate a complete data-flow audit log for a single patient session, showing every server that processed their data?

  12. What is your retention policy for raw audio? Can the clinic configure it?

  13. How do you handle APP 12 access requests? What is the turnaround time for producing a complete evidence pack?

  14. Do you have a process for assessing whether new features cross the TGA CDS classification threshold?

Scribing.io provides documented, technically verified answers to every one of these questions as part of our standard onboarding process — not as an enterprise add-on gated behind a separate procurement cycle.

Book an APP 8 Architecture Verification

Assertions are insufficient. Proof is required. Book a 20-minute APP 8 Architecture Verification with the Scribing.io clinical infrastructure team. During this session, you will receive:

  • Live packet trace proving AU-only WebRTC media relay — you will see the ICE candidate filtering in action, with every TURN relay IP resolving to Australian data centres.

  • OAIC NDB 30-day assessment simulation — we generate the complete evidence pack your clinic would need if a data breach were suspected, demonstrating that all processing remained within Australian sovereign territory.

  • TGA SaMD classification briefing tailored to your deployment — our regulatory team walks through the ISO 14971 risk file, the documentation-only classification rationale, and the ARTG readiness dossier.

This is not a sales demonstration. It is a technical verification session designed for CPOs, CISOs, and clinical governance leads who need evidence, not assurances. Request your session at Scribing.io.

Still not sure? Book a free discovery call now.

Frequently

asked question

Answers to your asked queries

Can we get started today?

Can I edit or review notes before they go into my EHR?

Does Scribing.io work with telehealth and video visits?

Is Scribing.io HIPAA compliant?

Is patient data used to train your AI models?

Still not sure? Book a free discovery call now.

Frequently

asked question

Answers to your asked queries

Can we get started today?

Can I edit or review notes before they go into my EHR?

Does Scribing.io work with telehealth and video visits?

Is Scribing.io HIPAA compliant?

Is patient data used to train your AI models?

Still not sure? Book a free discovery call now.

Frequently

asked question

Answers to your asked queries

Can we get started today?

Can I edit or review notes before they go into my EHR?

Does Scribing.io work with telehealth and video visits?

Is Scribing.io HIPAA compliant?

Is patient data used to train your AI models?

Image

Clinical Precision.
Zero Documentation Debt

Finish Your Charts - Go Home on Time.

Image

Clinical Precision.
Zero Documentation Debt

Finish Your Charts - Go Home on Time.

Image

Clinical Precision.
Zero Documentation Debt

Finish Your Charts - Go Home on Time.