Chatgpt to help with progress note writing. Are your staff using it?

In Australia, the use of public generative AI tools such as ChatGPT within aged care facilities must comply strictly with existing privacy laws, particularly the federal Privacy Act 1988 and applicable state and territory legislation. A fundamental rule is that personal or sensitive health information must never be entered into public AI platforms.

Key Privacy Considerations and Risks

Lack of Confidentiality in Public AI Tools
Public versions of generative AI tools do not provide guaranteed confidentiality or legal privilege. Information entered may be logged, retained, or used to train future models, and could potentially be accessed by developers or third parties, including law enforcement agencies.

Sensitive Health Information and Data Breaches
Under Australian law, health information is classified as sensitive data. Entering such information into an AI system without authorisation may constitute a notifiable data breach, exposing organisations to serious legal and regulatory consequences.

Data Storage and Overseas Jurisdictions
Many AI tools store data outside Australia. Uploading personal information to systems with offshore data storage may breach Australian privacy obligations and subject the information to foreign legal frameworks.

Requirement for Informed Consent
Explicit, informed consent must be obtained from residents or their authorised representatives before using any AI tool that involves personal data. This consent should be clearly documented, preferably within the resident’s health record.

Organisational Accountability
Aged care providers and their staff remain fully responsible for any use of AI-generated content in care delivery. Facilities must establish clear policies, procedures, and staff training outlining acceptable and prohibited uses of AI.

Accuracy and Human Verification
AI-generated information should never be treated as definitive. All outputs must be reviewed, verified, and validated by a qualified human professional to ensure accuracy and suitability for the specific care context.

Best Practice Recommendations for Aged Care Facilities

• Develop a Clear AI Usage Policy
  Policies should explicitly prohibit the entry of personal or identifiable information into general-purpose AI tools. Where possible, features such as data retention or model training should be disabled; otherwise, use should be restricted or prohibited.
• Use De-identified or Synthetic Data
  AI may be used for general tasks—such as drafting policy templates or summarising best-practice guidelines—provided all data is anonymised and contains no personal identifiers.
• Consider Secure Enterprise AI Solutions
  Enterprise-grade AI platforms may offer enhanced privacy protections, including assurances that data is not retained or used for training purposes.
• Maintain Human Oversight
  A qualified professional must always make the final decision on any content or recommendation generated with AI assistance.
• Stay Up to Date with Regulatory Guidance
  Government bodies, including the Department of Health and the Aged Care Quality and Safety Commission, are developing frameworks to guide the safe and responsible use of AI in healthcare and aged care settings.

Compliance with the Australian Privacy Principles (APPs) is mandatory for all organisations that collect, use, or store personal information in Australia.