As the use of artificial intelligence-powered scribe tools becomes more common in clinical settings, providers must carefully consider patient consent, including the possible applicability of state audio recording laws. While AI scribes can improve efficiency and documentation quality, providers must implement appropriate safeguards to remain compliant with state and federal laws.
HIPAA and the Use of AI Scribes
Using an AI scribe in a healthcare setting raises important considerations under the Health Insurance Portability and Accountability Act (HIPAA). Because AI scribes process protected health information (PHI) on behalf of providers, the scribe vendor is a business associate and must sign and abide by a business associate agreement (BAA).
Additionally, since the PHI involved with an AI scribe is electronic, the HIPAA Security Rule requirements apply. This means that providers must assess the AI scribe tool as part of its HIPAA Security Risk Analysis to assess the risks and vulnerabilities to the ePHI. This includes assessing the AI scribe’s data handling practices, including whether the tool stores audio recordings or transcripts (even only briefly) and whether any data is used to train machine learning models.
State Laws on Audio Recordings
Many states regulate the recording of private conversations. These laws vary; some require the consent of all parties, while others require only one party’s consent.
Because violations can carry civil or criminal penalties, providers should ensure they meet applicable state consent requirements before recording any visit, including those made by AI scribes. When in doubt, follow the most protective standard by obtaining clear consent from all parties involved.
Other Important Considerations
Many patients remain cautious about the use of AI in healthcare. To maintain trust and confidence, providers should be transparent about the use of AI scribes, including how they work and whether patients have the option to decline their use. Clear communication helps foster informed patient engagement and supports ethical care delivery.
When explaining the AI scribe tool to patients, consider addressing the following:
- How the tool assists with documentation, and that the licensed provider reviews, revises, and confirms the final record for accuracy;
- Whether the visit will be recorded, where the recording will be stored, and how long it will be retained;
- The privacy, confidentiality, and data security measures in place; and
- How patients can opt out of using the AI scribe tool during their visits.
It’s also important to clarify that AI-generated recordings or transcripts are not part of the patient’s official medical record. These materials serve only as documentation aids for the provider.
Consent
Providers may obtain patient consent either verbally or in writing. However, because verbal consent is harder to verify, it should be documented. To ensure consistency, providers should use a standard script and maintain a record of the patient’s consent in accordance with their policies. Finally, consent should satisfy any state law audio recording requirements as well.
Conclusion
As AI scribes become more common in clinical care, providers must ensure compliance with HIPAA and relevant state laws. A valid business associate agreement, a proper security risk analysis, and clear, documented patient consent are essential. Just as important, providers should be transparent with patients about how these tools work and give them the option to opt out. With the right safeguards in place, AI scribes can enhance documentation while preserving patient trust and privacy.