Skip to main content
Open Book Clinical/Governance/AI Governance Framework
AI Governance Framework

OpenBook Clinical — AI Governance Framework

Version: 1.0Last reviewed: July 2025Next review: July 2026Owner: OpenBook Clinical Pty Ltd

This Framework sets out how OpenBook Clinical governs the use of artificial intelligence in its clinical evidence synthesis product. It is intended for review by hospital digital health committees, university ethics offices, NDIS providers, and any institution evaluating OpenBook Clinical for deployment within a regulated clinical setting.

1. Purpose and Scope

This AI Governance Framework (Framework) governs the design, deployment, monitoring, and continuous improvement of artificial intelligence systems used within OpenBook Clinical. Specifically, it covers the OpenBook Clinical Evidence Synthesis Engine — the AI component that retrieves clinical literature and synthesises evidence summaries in response to clinician queries.

This Framework applies to:

  • All registered users of the OpenBook Clinical platform (AHPRA-registered clinicians, students, and institutional subscribers)
  • OpenBook Clinical staff involved in product development, AI operations, and clinical safety
  • Third-party AI providers and sub-processors engaged by OpenBook Clinical

This Framework is reviewed annually. A review is also triggered within 30 days of any material change to the AI provider, the underlying model, or the evidence retrieval pipeline. The review cycle and accountability structure are set out in Section 10.

2. AI System Description

Identity

System name: OpenBook Clinical Evidence Synthesis Engine

AI Provider: Anthropic PBC

Model: claude-3-5-sonnet-20241022 (subject to change; material changes communicated to users — see Section 9)

Deployment environment: Vercel (serverless), hosted in accordance with Anthropic API terms

Function

The Evidence Synthesis Engine performs the following operations in response to a clinician query:

  1. Retrieves candidate clinical literature records from PubMed, Europe PMC, Semantic Scholar, and CORE
  2. Filters and ranks records by evidence level (NHMRC hierarchy: Level I–V), recency, and Australian jurisdictional relevance
  3. Passes retrieved records — not model memory — to the large language model for synthesis
  4. Assigns NHMRC-aligned evidence grades (I, II, III, IV, V) to retrieved evidence
  5. Returns a cited, plain-English summary with source links to the originating databases

Intended use

The system is intended for use by AHPRA-registered clinicians and enrolled health science students as a literature retrieval and evidence synthesis aid at the point of care or during clinical preparation. It assists clinicians in locating and understanding peer-reviewed evidence relevant to their clinical questions.

Not intended for

The system is explicitly not intended for:

  • Patient-specific diagnosis or differential diagnosis generation
  • Treatment decisions without independent clinician review and judgement
  • Replacement of institutional clinical guidelines or protocols
  • Use by persons who are not registered health practitioners or enrolled students supervised by a registered practitioner
  • Processing of patient-identifiable information (see Section 4)

3. Clinical Risk Classification

OpenBook Clinical has assessed its AI system against the International Medical Device Regulators Forum (IMDRF) Software as a Medical Device (SaMD): Clinical Evaluationguidance (N41, 2020), and against the Therapeutic Goods Administration (TGA) guidance on software-based medical devices.

Classification outcome

System category: Clinical Decision Support — literature retrieval and evidence synthesis

Clinical risk category: Low (information only; clinician verification required for all outputs)

SaMD classification: OpenBook Clinical is not currently classified as a Software as a Medical Device under TGA guidance applicable to literature retrieval and evidence synthesis tools that do not drive, or directly influence, clinical decisions. The system provides information to support clinical judgement; all decisions remain with the registered clinician.

Risk controls in place

  • All AI outputs carry a mandatory clinical disclaimer displayed prominently before and after results
  • NHMRC evidence grades are displayed prominently alongside each retrieved record with an explanation of what each grade means
  • All citations link directly to source databases (PubMed, Europe PMC, etc.) so clinicians can independently verify the source record
  • PII detection logic warns users before submission if a query appears to contain patient-identifiable information

4. Data Governance

Patient data

OpenBook Clinical does not process patient-identifiable information. Users are instructed not to enter patient names, dates of birth, Medicare numbers, or any other identifying information into the platform. Technical controls include PII detection logic that warns users before a query is submitted if the system detects patterns consistent with patient-identifiable information.

Query data

Clinical queries submitted by users are stored in Supabase (hosted on Amazon Web Services, ap-southeast-2 region, Sydney) as part of the user's search history. Search history is user-deletable at any time via the dashboard. Queries are retained for 90 days on paid plans and 30 days on free plans, after which they are automatically purged.

AI processing — Anthropic API

Queries are processed by the Anthropic API under a zero-data-retention agreement. Anthropic does not retain submitted queries or outputs for model training purposes. OpenBook Clinical does not grant Anthropic permission to use submitted content for training. This is consistent with Anthropic's enterprise API terms as of the date of this Framework.

Access controls

All user data is protected by Row-Level Security (RLS) policies enforced at the database layer. No user can access another user's search history, care plans, or CPD records. Administrative access to production data is restricted to authorised OpenBook Clinical personnel and is logged.

5. Model Risk Assessment

The following table identifies known limitations of large language model-assisted evidence synthesis, their likelihood in the context of OpenBook Clinical's retrieval-grounded architecture, and the mitigating controls in place. Residual risk is assessed after controls are applied.

RiskLikelihoodMitigationResidual risk
Hallucinated citationsLowCitations are sourced exclusively from real database queries, not model memory. All citations link to source records for independent verification.Low
Outdated clinical guidelines returnedMediumEvidence retrieval queries hit live external APIs daily; publication year is displayed prominently for all records. Users are advised to verify currency of guidelines before clinical application.Low–Medium
Evidence grade assigned incorrectlyLow–MediumNHMRC grading is AI-estimated from study metadata; grade labels are displayed with explanatory text. Clinician review of the original source record is required before reliance on grade.Low–Medium
Clinician overreliance on AI synthesisMedium–HighMandatory clinical disclaimer on all output screens. System design positions AI synthesis as a starting point, not a final answer. CPD module encourages reflective practice.Medium
Retracted paper included in synthesisLowRetraction indexing is checked where available via the source databases. Users are advised to verify that retrieved papers have not been retracted before clinical reliance.Low

6. Incident Reporting

OpenBook Clinical maintains dedicated channels for reporting incidents related to security and clinical safety. All incidents are logged, assessed, and responded to in accordance with the following commitments.

Contact channels

Security incidents: openbookclinical@gmail.com (subject: Security)

Clinical safety concerns: openbookclinical@gmail.com (subject: Clinical Safety)

Response commitments

  • Acknowledgement: Within 24 hours of receiving a report
  • Substantive response: Within 5 business days
  • Critical patient safety incidents (P1): Substantive response within 4 hours (see Clinical Risk Management Plan for incident classification)

Notifiable Data Breach obligations

OpenBook Clinical is bound by the Notifiable Data Breaches (NDB) scheme under Part IIIC of the Privacy Act 1988 (Cth). In the event of an eligible data breach, OpenBook Clinical will notify the Office of the Australian Information Commissioner (OAIC) as soon as practicable after becoming aware of the breach, and will notify affected individuals within 30 days.

7. Bias and Fairness

Known corpus bias

The clinical literature retrieved by OpenBook Clinical is sourced from international academic databases that skew toward English-language, high-income country research. This reflects a systemic bias in published medical literature, not a specific design choice of OpenBook Clinical. Users are encouraged to be aware that evidence base coverage may be thinner for conditions or populations under-represented in English-language peer-reviewed literature.

Aboriginal and Torres Strait Islander health

OpenBook Clinical acknowledges that evidence specifically addressing the health needs of Aboriginal and Torres Strait Islander peoples is limited in the databases we index. Where clinical questions relate to the health of First Nations peoples, users are strongly encouraged to supplement OpenBook Clinical outputs with culturally appropriate resources including those published by the National Aboriginal Community Controlled Health Organisation (NACCHO), the Australian Institute of Health and Welfare (AIHW), and relevant state and territory Aboriginal health bodies.

Individual user pattern monitoring

OpenBook Clinical does not process patient data and therefore does not — and cannot — monitor individual user outputs for discriminatory clinical patterns at the patient level. Aggregate monitoring for query patterns that may indicate misuse is conducted at the platform level.

8. Human Oversight

OpenBook Clinical is designed on a human-in-the-loop principle. The following oversight requirements are embedded in the system's design and terms of use.

  • All AI-generated outputs require verification by a registered clinician before any clinical application. This requirement is stated in the clinical disclaimer displayed on every output screen and in the Terms of Service.
  • The system does not make, or purport to make, autonomous clinical decisions. It produces information summaries only.
  • The clinician remains solely responsible for all patient care decisions, including the decision to act on, modify, or disregard any evidence surfaced by OpenBook Clinical.
  • Users may flag incorrect or potentially harmful outputs via the feedback mechanism (thumbs down icon on any result). Flagged outputs are reviewed by the OpenBook Clinical team and may trigger a clinical safety review process.
  • OpenBook Clinical does not generate autonomous recommendations, send clinical alerts, or interact with electronic medical record systems without explicit clinician initiation.

9. Change Management

AI provider changes

Any change of primary AI provider (e.g., from Anthropic to another provider) is treated as a material change. Users will be given a minimum of 48 hours' advance notice. A governance review is required before deployment, and the Framework will be updated within 30 days of the change.

Model version updates

Updates to the AI model (e.g., a new Claude version) are logged in the product changelog at /changelog. Material changes — defined as changes that alter the nature of outputs, add new capabilities, or alter data retention behaviour — are communicated to users via in-product notification and email.

Evidence source changes

Changes to the evidence databases queried by OpenBook Clinical (e.g., addition or removal of a source) are communicated via the changelog. Users are notified by in-product announcement for changes that materially affect the scope of evidence retrieved.

10. Review and Accountability

Ownership

This Framework is owned and maintained by OpenBook Clinical Pty Ltd (ABN 38 698 494 656), trading as Open Book Clinical. Enquiries regarding this Framework should be directed to openbookclinical@gmail.com.

Review triggers

A review of this Framework is triggered by any of the following:

  • Annual scheduled review (next due: July 2026)
  • Change of AI provider or material change to the underlying model
  • A P1 or P2 clinical safety or privacy incident
  • A material change to applicable regulatory requirements (e.g., TGA guidance on AI-enabled software, OAIC guidance on AI and privacy)
  • A request for review from an institutional subscriber or AHPRA

Version history

VersionDateSummary of changes
1.0July 2025Initial release

OpenBook Clinical Pty Ltd · ABN 38 698 494 656 · Sydney, NSW, Australia