Safe AI in UK general practice: what counts as ‘clinical decision support’ and how to stay governed

Dr Kola Tytler (MBBS CertHE MBA MRCGP)||3 min read
Featured image for Safe AI in UK general practice: what counts as ‘clinical decision support’ and how to stay governed

Artificial Intelligence has moved from "future tech" to "everyday utility" in UK primary care. But for the responsible GP or practice manager, this speed brings anxiety.

If you use ChatGPT to draft a referral letter, are you breaching GDPR? If an AI tool suggests a differential diagnosis, is it a "medical device"? The answers lie in understanding the regulatory distinction between administrative efficiency and clinical decision support.

Why governance matters (practical, not scary)

Governance is often viewed as a barrier to innovation, but in the context of AI, it is your safety net.

If an AI tool hallucinates a non-existent guideline and you act on it, the liability sits with you. However, if you are using a tool that is UKCA-marked and registered with the MHRA, you are using a product that has demonstrated safety cases, risk management, and clinical validation.

Using unregulated "open" AI models for clinical decisions is akin to prescribing a drug that hasn't passed Phase 3 trials: it might work, but if it goes wrong, you have no defence.

What the UK regulatory direction of travel looks like

The UK landscape is currently in a "pivotal moment" of formalisation.

  • The MHRA stance: The regulator is actively distinguishing between software that informs a decision (e.g., a reference library) and software that makes a calculation or prediction (e.g., a risk score or diagnostic suggestion).
  • Current Action: The National Commission into the Regulation of AI in Healthcare is currently gathering evidence (with a major call for evidence closing in Feb 2026) to finalise the new rigorous framework.
  • The bottom line: The days of the "Wild West" are ending. Expect tools to be strictly categorised as Software as a Medical Device (SaMD) if they perform any interpretative function.

Green-zone vs red-zone use

To stay safe today, map your AI use cases into two zones.

✅ Green Zone (Low Regulatory Risk)

  • Administrative tasks: "Draft a letter to the housing department for this patient."
  • Summarisation: "Summarise this 3-page hospital discharge letter into 5 bullet points."
  • Search/Retrieval: "Find the NICE guideline for hypertension." (As long as it links to the source).
  • Key feature: The AI is acting as a secretary or librarian. It is not practicing medicine.

🚩 Red Zone (High Regulatory Risk)

  • Unverified Diagnosis: "What is the diagnosis for these symptoms?" (without citing a specific UK guideline).
  • Risk Stratification: "Is this patient high risk for sepsis?"
  • Dosage Calculation: "Calculate the gentamicin dose for this renal function."
  • Key feature: The AI is acting as a clinician. If the tool is not a registered medical device, do not use it for these tasks.

How to adopt tools responsibly in day-to-day practice

You do not need to ban AI, but you need a "Human-in-the-loop" protocol.

  1. The "Draft, Don't Send" Rule: AI drafts the letter; a human must read it before it leaves the practice.
  2. Source Verification: Never accept a clinical fact from an AI unless it provides a clickable link to a trusted source (NICE, CKS, SIGN).
  3. No Patient Identifiers: Unless you have a specific Data Processing Agreement (DPA) with the vendor, never input real names or NHS numbers into an AI prompt.

Where iatroX fits

iatroX is built specifically to operate safely within the "Red Zone" of clinical support because it has done the regulatory heavy lifting.

Unlike generic LLMs, iatroX is a UKCA-marked, Class I MHRA-registered medical device.

  • What this means: It has a legal manufacturing trail and clinical safety officer oversight.
  • Why it matters: When iatroX synthesises a clinical answer, it does so within a regulated framework designed for UK healthcare, giving you a level of assurance that "open" ChatGPT cannot provide.

Share this insight