What Is AHPRA and Why Does It Affect Your Website?

The Australian Health Practitioner Regulation Agency (AHPRA) is the national body that regulates 16 health professions in Australia — from medical doctors and dentists to physiotherapists, psychologists, and nurses. Under the Health Practitioner Regulation National Law, any advertising of a regulated health service must comply with a strict set of rules.

The critical point that many developers and clinic owners miss is this: your website is advertising. Every page, every testimonial widget, every before-and-after gallery, every claim about outcomes — all of it falls under the National Law's advertising provisions. AHPRA confirmed this interpretation explicitly in their 2023 advertising guidelines update, and it was reinforced again in September 2025 when new clarifications were issued for higher-risk cosmetic procedures.

Non-compliance is not a minor administrative matter. Practitioners can face formal complaints, conditions placed on their registration, and in serious cases, deregistration. The developer or agency that built the non-compliant site bears reputational risk and, increasingly, contractual liability.

The Six AHPRA Advertising Rules That Directly Affect Website Architecture

Understanding the rules at a technical level — not just as a legal checklist — is what separates a genuinely compliant React build from one that is merely hoping to be compliant.

1. No Testimonials or Patient Reviews

Section 133 of the National Law prohibits the use of testimonials in advertising a regulated health service. This is one of the most frequently violated rules on Australian healthcare websites, because the instinct of every marketing team is to add a Google Reviews widget or a "What Our Patients Say" section.

The prohibition is broad. It covers written testimonials, video testimonials, star ratings that imply clinical outcomes, and third-party review embeds (Google, Healthengine, RateMD) when they appear in the context of advertising a regulated service.

React implementation implication: Any component that fetches and renders Google Places reviews, Trustpilot widgets, or custom testimonial carousels must be removed or replaced. If your client insists on social proof, redirect that energy toward case study content that describes processes and outcomes in aggregate, without attributing statements to individual patients.

2. No Misleading or Deceptive Content

The National Law prohibits content that creates a false impression about a health service, its benefits, or its risks. This includes comparative claims ("Brisbane's best plastic surgeon"), superlatives ("world-class care"), and any statement that implies a guaranteed outcome.

React implementation implication: Audit every <h1>, <h2>, hero headline, and meta description. CMS-driven content is particularly risky — if a practitioner can edit their own page copy without a compliance review step, you need to build that review gate into the content workflow, not just the codebase.

3. No Unrealistic Expectations About Results

Even factually accurate statements can violate AHPRA rules if they create an unrealistic expectation about what a patient will experience. Before-and-after photographs are the most common trigger. AHPRA's position is that a single set of before-and-after images implies that result is typical, which it rarely is.

React implementation implication: Before-and-after image galleries must either be removed entirely or replaced with clearly labelled educational content that includes appropriate disclaimers about individual variation. If your design system includes a BeforeAfterSlider component, it should not be used on AHPRA-regulated sites without legal review.

4. No Inducements to Use a Health Service

Offering discounts, gift cards, referral bonuses, or "limited time offers" to attract patients is prohibited. This catches many clinics off guard, particularly those that have run promotional campaigns on social media.

React implementation implication: Remove any countdown timers, promotional pricing banners, or discount code components from the site. If the client operates a loyalty programme, it must be structured around non-clinical benefits only and reviewed by a healthcare lawyer before going live.

5. No Unapproved Therapeutic Goods Claims

If a practitioner's website mentions specific products, devices, or treatments, those references must not include claims that go beyond what the Therapeutic Goods Administration (TGA) has approved for that product. This is particularly relevant for cosmetic clinics, dermatologists, and allied health providers who use specific devices or supplements.

React implementation implication: Product or treatment pages that pull content from a CMS or external API need a content governance layer. Dynamic content is the highest-risk area — a well-intentioned blog post or treatment description can introduce a TGA violation without the developer ever touching the code again.

6. Pricing Must Be Clear and Accurate

If a health service website displays pricing, it must be accurate and not misleading. Hidden fees, "from" pricing without clear qualification, and outdated price lists all create compliance exposure.

React implementation implication: Pricing components should either be removed from public-facing pages entirely (directing patients to call for a quote) or connected to a live data source that the practice manager can update in real time. Static hardcoded pricing is a maintenance liability.

Building the Compliant React Architecture: A Practical Framework

With the rules understood, the following architecture decisions will give you a defensible, maintainable, and genuinely compliant React build.

Content Management and the Compliance Gate

The single most important architectural decision is where human compliance review sits in the content publishing workflow. For a React site backed by a headless CMS (Contentful, Sanity, Strapi), the recommended pattern is a draft → compliance review → publish pipeline with role-based access control.

Role	CMS Permissions	Can Publish?
Practitioner / Admin	Create, edit drafts	No — triggers review
Compliance Reviewer	Approve or reject drafts	Yes — to staging
Developer / Agency	Full access	Yes — to production

This is not a technical constraint you impose on the client — it is a service you sell as part of the engagement. Clinics that understand their AHPRA exposure will pay for a compliance-aware CMS workflow.

Structured Data and Schema Markup

React sites that use server-side rendering (Next.js) or static site generation have a significant SEO advantage for healthcare providers because they can inject MedicalOrganization, Physician, and LocalBusiness JSON-LD schema directly into the <head> on a per-page basis.

{
  "@context": "https://schema.org",
  "@type": "MedicalOrganization",
  "name": "Example Medical Practice",
  "url": "https://example.com.au",
  "address": {
    "@type": "PostalAddress",
    "streetAddress": "123 Example Street",
    "addressLocality": "Brisbane",
    "addressRegion": "QLD",
    "postalCode": "4000",
    "addressCountry": "AU"
  },
  "medicalSpecialty": "Plastic Surgery"
}

Critically, the aggregateRating property within MedicalOrganization schema should be omitted entirely on AHPRA-regulated sites. Rendering star ratings in structured data — even if they come from a legitimate source — creates the same testimonial compliance risk as displaying them visually on the page.

Privacy and Data Handling

Australian healthcare websites are subject to the Privacy Act 1988 and the Australian Privacy Principles (APPs), which govern how patient information is collected, stored, and used. Contact forms, appointment booking widgets, and newsletter sign-ups all constitute data collection points that require a compliant privacy policy and, in most cases, explicit consent capture.

For React contact forms, the minimum compliant implementation includes a clearly labelled checkbox (not pre-ticked) that links to the practice's privacy policy, a server-side form handler that does not log form data to the browser console, and a data retention policy that the practice has actually documented.

Performance as a Compliance-Adjacent Concern

While page speed is not directly an AHPRA requirement, it is increasingly a legal accessibility concern. The Australian Disability Discrimination Act (DDA) has been interpreted by courts to require that websites be accessible to people with disabilities, with WCAG 2.1 AA as the accepted standard.

For React healthcare sites, the performance baseline in 2026 should be:

Metric	Target	Measurement Tool
Largest Contentful Paint (LCP)	< 2.5 seconds	Google PageSpeed Insights
Cumulative Layout Shift (CLS)	< 0.1	Core Web Vitals report
Interaction to Next Paint (INP)	< 200ms	Chrome DevTools
Accessibility Score	95+	Lighthouse

Achieving these targets on a React site requires code splitting at the route level, lazy loading of all below-the-fold images with loading="lazy" and decoding="async", and careful management of third-party scripts that are the most common source of performance regression on healthcare sites.

The Booking System Integration

Online booking is one of the highest-value features a healthcare website can offer — and one of the most compliance-sensitive. The booking system must not collect more patient information than is necessary for the appointment, must store data in Australia (or with explicit patient consent for offshore storage), and must be covered by the practice's privacy policy.

Integrating a booking system into a React site via an <iframe> is the lowest-risk approach from a data handling perspective, because the patient's information never touches your application layer. Embedding a booking API directly into your React components gives a better user experience but requires your server infrastructure to be included in the practice's data handling documentation.

The 2025 Cosmetic Procedure Update: What Changed

On 2 September 2025, AHPRA and the National Boards issued clarified guidelines specifically targeting higher-risk non-surgical cosmetic procedures, including injectables, laser treatments, and body contouring. The key changes relevant to website developers are:

Mandatory cooling-off periods must now be communicated clearly on any page that promotes these procedures. A React component that allows a patient to book a cosmetic injectable appointment without a visible reference to the cooling-off requirement is non-compliant from the moment the updated guidelines took effect.

Before-and-after images for these specific procedures are now subject to even stricter scrutiny, with AHPRA explicitly flagging social media and website galleries as primary enforcement targets. If your client is a cosmetic clinic, the safest position in 2026 is to remove all before-and-after content from the public-facing website entirely.

Practitioner qualifications must be accurately stated. Any page that describes a practitioner as a "specialist" must use that term only if the practitioner holds specialist registration with AHPRA. Using "specialist" as a marketing descriptor for a general practitioner who performs cosmetic procedures is a violation.

A Compliance Checklist for React Healthcare Builds

Before any AHPRA-regulated React site goes live, the following review should be completed by someone with working knowledge of both the codebase and the National Law advertising requirements.

Area	Check
Testimonials	No patient reviews, star ratings, or testimonial components
Before/After	No before-and-after image galleries
Outcome claims	No guaranteed or implied outcome statements in copy or meta tags
Superlatives	No "best", "leading", "number one" claims
Inducements	No discounts, countdown timers, or referral incentives
Pricing	Accurate, or removed entirely
Practitioner titles	"Specialist" used only for AHPRA-registered specialists
Structured data	No `aggregateRating` in JSON-LD schema
Consent checkboxes	Present and unchecked by default on all forms
Cooling-off notice	Visible on all cosmetic procedure pages (post-Sept 2025)
WCAG 2.1 AA	Lighthouse accessibility score 95+
Performance	LCP < 2.5s, CLS < 0.1 on mobile

Why React Is the Right Choice for AHPRA-Regulated Sites

Despite the compliance complexity, React (and Next.js in particular) is the most capable framework for building healthcare websites that are simultaneously compliant, performant, and maintainable. The component architecture makes it straightforward to build a compliant design system — a set of pre-approved, pre-reviewed components that a content team can assemble into pages without inadvertently introducing violations.

The alternative — a WordPress or Wix site with a drag-and-drop page builder — gives the practitioner more editorial freedom, which in the context of AHPRA compliance is precisely the problem. The more freedom a non-technical user has to add content, the more likely they are to add a Google Reviews widget, a before-and-after gallery, or a "Brisbane's best" headline without realising the regulatory implications.

A well-architected React site with a compliance-gated CMS workflow is not just a better technical product. It is a better risk management product for the practitioner.

Working With Auspro Studios

At Auspro Studios, we build React and Next.js digital platforms for medical and healthcare professionals across Brisbane and Queensland. Every site we deliver includes a compliance review against current AHPRA advertising guidelines, a structured data implementation for local SEO, WCAG 2.1 AA accessibility, and a CMS workflow that gives your team editorial control without creating compliance exposure.

We deliver from discovery to a live, compliant website in four weeks. No lock-in contracts.

Book a free consultation: ausprostudios.com.au/#contact

Auspro Studios is a Brisbane-based web development company specialising in medical and healthcare digital platforms. This article is provided for general informational purposes and does not constitute legal advice. For specific compliance questions, consult a healthcare lawyer or AHPRA directly.

How to Build an AHPRA-Compliant React Website in 2026