AI Scribe Legal Risks, Consent Requirements, HIPAA Compliance
Summary
JD Supra Healthcare published a legal analysis by McDermott Will & Schulte addressing legal considerations for healthcare providers deploying AI scribes. The article covers state recording consent laws (noting over a dozen all-party consent states), HIPAA implications, biometric consent issues related to voiceprint features, and vendor liability considerations for third-party AI platforms.
What changed
The article analyzes legal and compliance considerations for AI scribe deployment in healthcare settings, focusing on state recording consent requirements, HIPAA compliance, and vendor liability. Key provisions include the distinction between one-party and all-party consent states (with over a dozen states requiring all-party consent), guidance on managing recordings when patients revoke consent mid-appointment, and considerations for biometric consent when AI scribes use voiceprint technology.
Healthcare providers and institutions planning to implement AI scribes should audit their consent protocols against applicable state law, establish procedures for handling family members and legal representatives present during recordings, implement clear revocation procedures, and verify whether their AI scribe tools create voiceprints that may implicate additional consent requirements. Third-party AI platform vendors should conduct their own liability analysis under state and federal wiretapping rules. This guidance applies to in-person and telehealth encounters, and providers should monitor evolving state AI-specific legislation.
What to do next
- Audit current AI scribe consent protocols against applicable state recording consent laws
- Establish procedures for handling recordings when patients revoke consent mid-appointment
- Review AI scribe vendor contracts for voiceprint/biometric feature disclosures and consent requirements
Source document (simplified)
March 30, 2026
Ready, set, press pause: Legal risks and best practices to implement before recording with an AI scribe
Jennifer Geetter, McDermott Will & Schulte
As healthcare providers and institutions explore ways in which artificial intelligence (AI) can address persistent operational challenges, attention increasingly turns to AI scribes. While these tools have a range of features and functionalities, at their core, they provide an unobtrusive audio recording capability that generates a transcript of the recorded doctor-patient conversation, which can facilitate more formal documentation, such as a note in an electronic medical record.
In Depth
Simply put, AI scribes are voice-to-text tools that use AI to better interpret spoken speech. These tools are ubiquitous enough to warrant an appearance in the acclaimed HBO series The Pitt, reflecting the pros and cons these tools can manifest in public imagination. While AI scribes can provide immediate dividends to reduce provider administrative burnout, providers and institutions considering deployment should pause and consider some of the interesting – and potentially risky – ethical, legal, and relationship considerations.
Recording
AI scribe tools listen to a live conversation and record it to generate a transcript. Some come with additional features. More than a dozen states are all-party consent states, meaning that state law requires all parties to a conversation to consent to being recorded. As a best practice, any required consent from patients and caregivers should be obtained each time a patient is recorded. There are various ways to present and record consent, affording different trade-offs in patient experience and liability management. Additionally, in-person versus telehealth consent models may inform the consent approach. Third-party AI platforms (including electronic health record vendors and other AI-enabled tools) that help the provider make the recording should consider their own liability-limiting steps in light of state and federal wiretapping rules.
Family members and legal representatives
Two-party consent can be tricky if family members or other individuals beyond the provider and patient are in the room at the time of the recording. A protocol should be put in place to provide notice of the recording to all parties and manage associated business risks.
Revocation
Patients (or other consenting parties) may change their minds during an appointment and ask that a recording be stopped. While AI scribes typically have a real-time “off” feature, providers must still consider the retention and use of the already-created recording.
Biometric consent
Certain AI scribe tools might use a voiceprint component to distinguish speakers. Consideration should be given to whether the AI scribe is generating and recording a voiceprint that implicates state law.
The evolving state AI law landscape
Basic AI scribe tools will not likely implicate current state law (one notable exception is Illinois with respect to mental health information). But state law continues to change, and as illustrated by the recording and wiretapping provisions, non-AI-specific regulation can still impact the proper deployment of these tools. Additionally, subregulatory legal guidance; medical and other professional association statements; court rulings; and other nonlegislative activity may change best practice considerations.
Know thy features
It is important to understand the precise features of the AI scribe. Certain AI recording tools may record even when a call is placed on mute. When on mute, a party to the call might reasonably assume they are not being recorded and can converse in private. Certain AI recording tools might continue to record even when certain parties hang up and the parties assume the call has concluded, generating portions of a transcript that were not intended. The AI scribe tool might be subject to hallucinations, describing people as saying things that they did not say. No tool is perfect and no set of features is right for all circumstances. As part of vetting and deploying AI scribes, however, detailed test runs should be performed to understand exactly how the tool will work in your particular setting.
Designated record sets
Under the Health Insurance Portability and Accountability Act (HIPAA), a patient has the right to request access to and amendment of any protected health information (PHI) maintained by covered entities in the form of a designated record set (DRS). For a provider, a DRS includes the billing record, medical record, and any other record used by the provider to make decisions about a patient. One way to think about a DRS is as the “truth copy,” as a patient does not have the right to access or amend duplications, drafts, etc. Therefore, the status of both the recording and the transcript before the provider creates an official note can be ambiguous and context specific. Various facts and work patterns affect the likelihood that the recording and/or transcript generated by an AI scribe would be seen as a DRS for some period of time, and they can have downstream operational impacts. As part of any AI scribe deployment, institutions and providers should address these ambiguities on the front end to help clarify whether the recording or transcript will be considered part of the DRS by the applicable covered entity.
Medical record retention
HIPAA does not establish a retention period for PHI itself. Rather, it sets a six-year retention period for certain compliance-related documents. Therefore, providers must retain medical records consistent with state retention periods. If the recording and/or transcript is retained, careful consideration should be paid to whether the data constitutes part of the medical record subject to state retention obligations.
Retention for operational purposes
In some cases, institutions may want to retain recordings and/or transcripts for a variety of operational purposes, such as model training and sharpening, provider training, quality control and improvement, and even liability-related concerns (such as an aggressive patient). These non-treatment retention use cases should be considered against the backdrop of the DRS analysis, storage considerations (for the recordings typically), and other liability-related considerations.
Provider timeliness
One reason AI scribes are so popular is that they provide relief for a major source of physician dissatisfaction: the administrative burden that follows the clinical encounter. But knowing there is a real-time record of the visit may give busy providers with competing priorities license to postpone finalizing the note, which may increase the risk that the recording and/or transcript becomes the “truth copy” by default. Implementing safeguards and reminders to ensure these tools facilitate, rather than create, the ultimate medical documentation is an important deployment consideration.
Real-time prompts
Most current AI scribes are ambient, meaning they do not otherwise interact with or impact the clinical encounter. But certain AI scribes have additional functionalities, such as providing transcript-adjacent clinical prompts or clinical decision-making support for the physician to consider when finalizing the note and care plan. Some even deliver real-time prompts during the clinical encounter, akin to colleagues asking their own questions or providing guidance. These features present additional clinical practice and Software as a Medical Device considerations.
Moving beyond consent
Beyond the legal obligation to obtain consent, institutions may want to use AI scribes to begin conversations with patients about how institutions are investing in AI tools to support improved patient care. Media coverage of AI, especially generative AI, is often at one extreme or the other: a utopic panacea for all of our chronic challenges or the gateway to a cataclysmic dystopia that endangers humanity. AI scribes and many other AI healthcare tools don’t fall on either end of the spectrum. Helping patients understand how technology can enable better care is a multistep conversation that can constructively begin as an outgrowth of AI scribe-related consents.
AI scribes are increasingly popular tools that can materially improve and expedite medical record documentation and allow providers to focus on listening to patients and delivering high-quality care. To deploy AI scribe tools successfully, healthcare institutions and providers should understand and address the various legal and ethical complexities.
DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.