Governance
Marketing Agency & AI Governance Checklist
One page that pins down what your marketing agency can touch, who approves patient-facing claims, and what happens when AI writes your copy. Print it, fill it in with your agency, and keep it with your practice policies.
Your agency publishes in your name — but AHPRA holds the practice responsible for what appears. Most practices have never written down what the agency may publish without asking, who can edit the website, or whether AI-written copy gets a human review. This checklist is that page.
Free. No patient data required. General template — adapt to your practice.
Marketing Agency & AI Governance Checklist
The agency governance page for ________________________ (practice name), covering ________________________ (agency / freelancer). Completed together on __________. Review yearly and whenever the agency or scope changes.
How to use this: sit down with your agency (or send it to them), fill in every row, and have both sides sign. Anything you can't answer is not a gap in the form — it's a question for the agency. Keep it wherever your practice policies live.
Why this page matters
- The practice carries the responsibility. Advertising rules for regulated health services apply to what appears under your name — whoever wrote it, however it was generated. "The agency did it" is not a defence you want to test.
- AI has changed agency output. Drafts arrive faster, in greater volume, and sound confident — including wording that can trip advertising rules (testimonials, outcome promises, "best in…" claims). Volume makes the approval step matter more, not less.
- Access is risk. An agency that can edit your website, booking system or forms without sign-off can introduce a problem faster than you can spot it.
1. What the agency can touch
| System | Access level (none / view / edit) | Can change WITHOUT owner approval? | Who revokes access when we part ways |
|---|---|---|---|
| Website | __________ | yes / no | __________________ |
| Booking system / online forms | __________ | yes / no | __________________ |
| Google Business Profile | __________ | yes / no | __________________ |
| Social accounts | __________ | yes / no | __________________ |
| Ad accounts (Google/Meta) | __________ | yes / no | __________________ |
| Tracking pixels / analytics | __________ | yes / no | __________________ |
Any row with edit access + "yes" is your highest-risk combination — decide deliberately, not by default.
2. Who approves patient-facing claims
| Question | Answer |
|---|---|
| Who gives final approval before anything patient-facing is published? | __________________ |
| Are patient reviews / testimonials reused in marketing? (testimonials about clinical care are an advertising review trigger) | yes / no / unsure |
| Is before/after imagery used? Under what consent and context? | __________________ |
| Are superlatives ("best", "leading", "#1") and outcome promises ("guaranteed results") excluded? | yes / no / unsure |
| What happens when the practice says "take it down"? How fast? | __________________ |
3. When AI writes the copy
| Rule | Agreed? |
|---|---|
| AI-drafted content is always reviewed by a named human before publishing | yes / no |
| The reviewer checks specifically for advertising-rule triggers (testimonials, outcomes, superlatives, before/after) | yes / no |
| No patient information is ever entered into AI tools to generate marketing (including "anonymised" treatment stories) | yes / no |
| The practice is told which AI tools the agency uses on its behalf — and they're listed on the practice's AI tool register | yes / no |
4. Evidence and review cadence
- Keep the approvals. A simple email trail ("approved — Scott, 12/6") is enough; the point is that approval happened and can be shown.
- Quarterly skim: open your own homepage, Google profile and latest posts as a patient would. Anything that reads like a testimonial, outcome promise or superlative goes on the review list.
- Annual re-sign: review this page with the agency once a year and whenever scope, staff or tools change.
Sign-off
| Name | Signature | Date | |
|---|---|---|---|
| For the practice | ____________ | ____________ | ______ |
| For the agency | ____________ | ____________ | ______ |
This is a general governance template for practice–agency workflows. It is not legal advice, and completing it does not establish compliance with AHPRA advertising requirements, the Privacy Act, the Australian Privacy Principles, or any other obligation. Items flagged here are review prompts, not findings. Adapt it to your practice and seek qualified advice for your circumstances.