The promise of AI agents handling patient communications is compelling. Imagine automated appointment reminders, medication adherence check-ins, and post-discharge follow-ups that don’t require human intervention. Platforms like OpenClaw—with its 192,000+ GitHub stars and marketplace of 3,984+ skills—represent the kind of autonomous agent technology that could theoretically transform healthcare operations.

But here’s the uncomfortable truth: healthcare can’t afford to move fast and break things.

The Regulatory Reality

Any system that communicates with patients in Australia falls under strict oversight. The Therapeutic Goods Administration (TGA) classifies certain AI-driven medical software as medical devices, subject to regulatory approval. Even if your AI agent doesn’t make clinical decisions, if it provides health information or influences patient behaviour, you’re in regulatory territory.

The Australian Digital Health Agency’s framework for digital health systems emphasises safety, privacy, and accountability. An AI agent that misinterprets a patient query about symptoms—or worse, provides reassurance when urgent care is needed—isn’t just a technical failure. It’s a potential clinical incident with real-world consequences.

Privacy regulations add another layer. The Privacy Act 1988 and the My Health Records Act 2012 impose strict requirements on how patient data is collected, stored, and processed. An AI agent platform needs audit trails, consent management, and data residency controls that meet Australian standards. Many open-source platforms weren’t designed with healthcare-grade compliance in mind.

The Security Problem with Open Ecosystems

OpenClaw’s marketplace model—where developers contribute skills that organisations can plug into their agents—is both its strength and its Achilles heel. The platform boasts thousands of available skills, but recent security audits tell a sobering story.

Research indicates that over 36% of OpenClaw marketplace skills contain security flaws. More concerning: 341 skills have been confirmed as malicious, and over 30,000 OpenClaw instances are exposed to the internet without proper hardening.

In healthcare, those numbers are terrifying. A compromised AI agent could expose patient records, leak appointment schedules, or be manipulated to spread medical misinformation. The Australian Cyber Security Centre has repeatedly warned healthcare organisations about supply chain risks in third-party software. An AI agent platform with unvetted, community-contributed skills is exactly that kind of risk.

Ethical Considerations Beyond Compliance

Even if you solve the regulatory and security challenges, ethical questions remain. Should patients know they’re speaking with an AI? How do you ensure the agent doesn’t reinforce health disparities by performing poorly with certain accents, languages, or communication styles?

The CSIRO’s Responsible AI framework outlines principles that healthcare AI should follow: fairness, transparency, accountability, and contestability. An AI agent needs to gracefully hand off to humans when queries exceed its competence. It needs to explain its limitations upfront. And it needs continuous monitoring to catch bias or drift.

There’s also the question of therapeutic alliance. Healthcare isn’t purely transactional. Patients build trust with their providers over time, and that trust influences treatment adherence and outcomes. Does an AI agent undermine that relationship? Or can it be designed to support it?

What Healthcare Organisations Should Evaluate

If you’re considering AI agents for patient communications, here’s what matters:

Data residency and sovereignty. Where does patient data actually live? If it’s processed offshore or by third-party cloud providers, you need ironclad data processing agreements and compliance documentation.

Audit and explainability. Can you trace every interaction an AI agent has? Can you explain why it responded the way it did? Healthcare regulators will ask these questions after an incident—you need answers before deployment.

Graceful failure modes. What happens when the AI doesn’t understand a query? Does it guess, or does it escalate to a human? The worst outcome is an agent that confidently provides wrong information.

Pre-vetted capabilities. Open marketplaces are great for general business use, but healthcare needs curated, audited, and tested functionality. You can’t afford to install a skill and hope it’s safe.

Clinical validation. Just because an AI agent can answer questions doesn’t mean it should. Any patient-facing automation needs clinical input during design and ongoing oversight during operation.

The Path Forward

AI agents will play a role in healthcare communications—that much seems inevitable. The technology is maturing, and the operational benefits are real. But the path from “technically possible” to “clinically safe and ethically sound” is longer in healthcare than in almost any other industry.

Organisations exploring platforms like OpenClaw need to go in with eyes open. The open-source appeal is understandable: flexibility, community innovation, and cost efficiency. But healthcare organisations must balance that against the rigorous security, compliance, and safety standards their patients deserve.

The right approach isn’t to avoid AI agents altogether. It’s to demand the same standards from AI systems that you’d demand from any other patient-facing technology: evidence of safety, regulatory compliance, ongoing monitoring, and a clear plan for when things go wrong.

Because in healthcare, when technology fails, patients pay the price. And that’s a cost we simply can’t accept.