NSW Health Establishes AI Governance Framework for Public Hospitals
NSW Health has introduced a risk-based framework to govern AI deployment across the state's public hospital system, establishing an advisory service to review and approve proposed AI projects before implementation.
The framework, developed over two years by a dedicated taskforce of senior leaders and subject matter experts, addresses seven priority areas: consumer engagement, workforce support, privacy and security, governance and regulation, safety, ethics and quality, and research and development.
How the Framework Works
The NSW Health AI Advisory Service assesses AI requests in consultation with clinical and technical experts. The service reviews project design, data use, and governance arrangements to ensure compliance with state and national requirements.
Clinicians can use the framework to evaluate existing and planned AI initiatives, understand their obligations when deploying AI tools, and access guidance through established channels. The advisory service also embeds best practice assurance throughout the AI lifecycle.
Richard Taggart, CIO of NSW Health and co-chair of the AI taskforce, said the framework supports "safe and responsible adoption of AI." He added that eHealth NSW is now identifying use cases for AI tools across the public health system, with assessment based on impact to clinical decision support, administrative functions, patient engagement, and clinical acceptance.
Why Governance Matters
While AI offers clinical benefits, it introduces risks around safety, ethics, privacy, and security. NSW Health emphasizes that any AI adoption must follow advisory service recommendations and comply with all relevant regulations.
Taggart said the approach is "grounded in transparency, accountability and trust." NSW Health will update the framework regularly as AI technology evolves.
Context: Recent Security Concerns
The framework's release follows an audit by the NSW Auditor-General that found NSW Health ineffective in managing cybersecurity risks to clinical systems. The report noted that Local Health Districts have not met minimum cybersecurity requirements since 2019 and lack adequate response and recovery plans.
The audit also found that eHealth NSW had not clearly defined cybersecurity roles or ensured consistent application of security tools across critical IT assets.
Your membership also unlocks:
