Skip to main content
Open Book Clinical/Governance/Clinical Risk Management Plan
Clinical Safety

Clinical Risk Management Plan

Version: 1.0Effective date: 1 July 2025Next review: July 2026Owner: OpenBook Clinical Pty Ltd

Purpose and Scope

This Clinical Risk Management Plan (Plan) identifies and documents the clinical risks associated with the use of OpenBook Clinical's AI-assisted evidence synthesis capabilities, and sets out the controls and procedures in place to manage those risks. It is intended for review by hospital clinical governance committees, university human research ethics boards, NDIS quality and safeguarding teams, and any institution assessing the clinical safety profile of OpenBook Clinical.

This Plan covers risks arising from the AI-assisted evidence synthesis function of the platform. It does not address general information security risks, which are covered in the Trust & Security Centre, or data processing risks, which are addressed in the Data Processing Agreement.

This Plan is reviewed annually, or sooner following any material AI system change, notified incident, or request from a regulatory or institutional body. It should be read alongside the AI Governance Framework.

Clinical Risk Register

The following risk register identifies clinical risks, rates their inherent likelihood and severity prior to mitigation, describes the controls in place, and assesses the residual risk after controls are applied. Risk ratings use the following scale:

LowLow–MediumMediumMedium–HighHighVery High
CR-001Low

AI fabricates or misrepresents a clinical guideline recommendation

Clinician acts on incorrect guidance, potentially causing patient harm

Likelihood
Low
Severity
High

Mitigation: All AI outputs carry "verify before clinical use" disclaimer. All citations link to source database records — no citation is generated from model memory alone. Clinician is instructed to verify source before clinical application.

CR-002Low–Medium

Evidence grade assigned incorrectly to a retrieved record

Clinician over- or under-weights evidence; may rely on lower-quality evidence as if it were a systematic review

Likelihood
Medium
Severity
Medium

Mitigation: NHMRC evidence grade is displayed with a plain-English explanation of the grading criteria. Grade labels are flagged as AI-estimated. Clinician review of the original source record is required.

CR-003Low–Medium

Outdated clinical guideline or superseded recommendation returned in results

Clinician applies a recommendation that has since been revised or withdrawn

Likelihood
Medium
Severity
High

Mitigation: Evidence retrieval queries live external databases (no cached corpus). Publication year is displayed prominently for each record. Users are advised to check that guidelines are current before clinical application.

CR-004Low

Retracted paper included in evidence synthesis

Clinician relies on evidence that has been formally invalidated

Likelihood
Low
Severity
High

Mitigation: Retraction flagging is checked where available via source database metadata. Users are advised to verify that retrieved papers have not been retracted prior to clinical reliance. PubMed retraction notices are indexed.

CR-005Low

User enters patient-identifiable data into a clinical query

Privacy breach; potential contravention of Privacy Act 1988 (Cth)

Likelihood
Medium
Severity
Very High

Mitigation: PII detection logic scans queries before submission and warns users when patient-identifiable patterns are detected. Terms of Service and UI guidance explicitly prohibit entry of patient data. PHI warning displayed under search bar.

CR-006Medium

User misinterprets AI evidence synthesis as a clinical diagnosis or treatment prescription

Inappropriate clinical reliance; patient receives care based on AI output rather than clinician judgement

Likelihood
Medium
Severity
Very High

Mitigation: Mandatory "not medical advice" disclaimer is displayed before and after every AI output. Platform is marketed and described exclusively as a decision-support tool. Terms of Service include an explicit clinical disclaimer. CPD module encourages reflective, critical engagement with evidence.

CR-007Medium

Evidence gap for Aboriginal and Torres Strait Islander health queries

Clinician receives limited or non-representative evidence; risk of inequitable or culturally inappropriate guidance

Likelihood
Medium
Severity
High

Mitigation: Acknowledged limitation disclosed in AI Governance Framework (Section 7) and in platform documentation. Users directed to supplementary culturally appropriate resources (NACCHO, AIHW, state Aboriginal health bodies) for First Nations health queries.

CR-008Low

Platform unavailability during a clinician's time of need

Delayed access to evidence; clinician must use alternative sources

Likelihood
Low
Severity
Medium

Mitigation: 99.9% uptime target monitored via /api/health endpoint. Vercel edge infrastructure provides global redundancy. Status incidents are communicated via status page. Platform is a decision-support aid; clinical care is not dependent on its availability.

Incident Classification

All incidents and concerns relating to clinical safety, data privacy, or platform performance are classified according to the following four-tier system. Classification determines the response timeframe and escalation pathway.

P1

Critical

Definition: A patient safety concern directly attributable to an OpenBook Clinical AI output — e.g., a clinician reports acting on a fabricated or dangerously incorrect recommendation that caused or nearly caused patient harm.

Response: Acknowledge within 1 hour. Substantive assessment within 4 hours. Escalate immediately to clinical and product leadership. Consider temporary service suspension if systemic issue identified. Notify AHPRA if required by professional obligations.

Contact: openbookclinical@gmail.com (subject: CLINICAL SAFETY — URGENT)

P2

High

Definition: A data breach or privacy incident affecting user personal data, including suspected unauthorised access to the platform or its databases.

Response: Acknowledge within 1 hour. Assess within 24 hours. If eligible data breach, notify OAIC and affected individuals in accordance with NDB scheme (within 30 days). Engage Supabase/AWS incident response as required.

Contact: openbookclinical@gmail.com (subject: SECURITY INCIDENT)

P3

Medium

Definition: A report of incorrect, misleading, or potentially harmful clinical information in an AI output where no immediate patient safety impact is identified. Includes evidence grade errors and outdated guideline reports.

Response: Acknowledge within 24 hours. Clinical review within 5 business days. Document findings and implement mitigations (e.g., prompt improvement, source exclusion, UI warning update) within 20 business days.

Contact: openbookclinical@gmail.com (subject: Clinical Safety Concern)

P4

Low

Definition: A feature complaint, usability issue, or general feedback about search quality that does not involve patient safety, privacy, or incorrect clinical information.

Response: Acknowledge within 2 business days. Review within 10 business days. Log in product backlog for consideration in future releases.

Contact: In-product feedback button or openbookclinical@gmail.com

General Response Procedures

On receiving a clinical safety or incident report, the following steps are taken:

  1. Triage: The report is reviewed and classified (P1–P4) within the applicable acknowledgement window.
  2. Containment: For P1 and P2 incidents, immediate containment measures are considered, including temporary restriction of affected features if a systemic safety issue is identified.
  3. Investigation: The affected output, query, and AI model behaviour are reviewed. Where applicable, the source database record is checked against the synthesised output.
  4. Remediation: Controls are updated as required — this may include prompt engineering changes, source exclusion, UI disclaimer updates, or model version changes.
  5. Documentation: All incidents are logged internally with a root cause assessment and remediation record. P1 and P2 incidents are reflected in the next scheduled governance review.
  6. Communication: Where an incident affects multiple users or involves a systemic error, affected users are notified by email. P1 incidents may be communicated via in-product notification.

Monitoring and Review

OpenBook Clinical monitors clinical risk through the following mechanisms:

  • In-product feedback: Users can flag any AI output using the thumbs-down icon. Flagged outputs are reviewed by the product team and clinical safety flags are escalated for content review.
  • Incident log review: All P1–P3 incidents are reviewed at a scheduled clinical safety review, held following any P1 or P2 incident and otherwise quarterly.
  • AI output spot-checks: A sample of AI outputs are reviewed against source records on a periodic basis to verify citation accuracy and evidence grade assignment.
  • Annual Plan review: This Plan is reviewed annually (next review due July 2026) and updated to reflect any changes to the risk profile, AI model, or applicable regulatory guidance.

Report a clinical safety concern

If you have identified an AI output that is incorrect, misleading, or potentially harmful, please report it immediately. All clinical safety concerns are reviewed by the OpenBook Clinical team and addressed in accordance with the incident classification above.

OpenBook Clinical Pty Ltd · ABN 38 698 494 656 · Sydney, NSW, Australia