AI scribes are being adopted rapidly across medical practices of all sizes. The promise is to reduce the documentation burden that costs clinicians hours each week, improve eye contact during consultations, and generate accurate clinical notes without manual typing.
But every AI scribe operates by processing spoken conversations between clinicians and patients. That means Protected Health Information (PHI) is being captured, transmitted, and processed by a third-party vendor, often in real time. Without the right legal agreements, technical safeguards, and operational controls in place, a practice can be exposed to serious HIPAA liability before a single note is ever reviewed.
This article provides a practical HIPAA-compliant AI scribe checklist that clinic owners, practice managers, and compliance officers can use to vet any tool before purchase or deployment. You will learn:
- what genuine HIPAA compliance requires from an AI vendor
- how to spot compliance theater in sales materials
- what questions to ask before signing a contract
- and how to build a patient consent workflow that protects both the practice and the patient.
If you are evaluating your first AI scribe or auditing a tool already in use, this guide gives you the framework to make a defensible, compliant decision.
What HIPAA Compliance Means for an AI Scribe
The HIPAA Security Rule establishes specific administrative, physical, and technical safeguards that any entity handling electronic Protected Health Information must implement. The moment an AI tool captures a patient conversation and generates a transcript or clinical note containing identifiable health data, that tool is handling PHI under the law.
The distinction that matters most here is the difference between "HIPAA-ready" and genuinely HIPAA-compliant.
- "HIPAA-ready" is a marketing term that vendors use to indicate their infrastructure has security features that could support compliance. It places all legal responsibility on your practice.
- A truly HIPAA-compliant vendor formally acknowledges its obligations by signing a Business Associate Agreement and assuming shared legal accountability for the PHI it processes on your behalf.
Under HIPAA and its enforcement framework strengthened by HITECH, a Covered Entity, which is your clinic or practice, is liable for the actions of its Business Associates.
If a vendor suffers a data breach and has not signed a BAA with your practice, the financial and reputational consequences fall almost entirely on you.
Understanding this liability structure is the foundation of every other item on this checklist.
| Term | What It Means for Your Practice |
|---|---|
| HIPAA-Ready | Vendor has security infrastructure but places compliance liability on you |
| HIPAA-Compliant | Vendor signs a BAA and accepts legal responsibility for PHI handling |
| Business Associate | Any third-party vendor that creates, receives, maintains, or transmits PHI |
| Covered Entity | Your clinic or practice, responsible for enforcing BAA requirements |
The HIPAA AI Scribe Checklist: 10 Must-Haves Before You Buy
Use this checklist before signing any contract or deploying any AI scribe tool. Each item represents a genuine legal or technical requirement, not a best practice suggestion. Data security you can rely on starts at the procurement stage, not after go-live.
1. A signed Business Associate Agreement (BAA). Any vendor that creates, receives, maintains, or transmits PHI on your behalf is a Business Associate under HIPAA. They must sign a BAA before any PHI is processed. If a vendor hesitates or routes you to a request form with no clear timeline, treat that as a disqualifying red flag.
2. AES-256 data encryption for data at rest. Patient data stored on vendor servers must be encrypted using AES-256, the current industry standard for healthcare data. Medesk uses AES-256 data encryption across all stored records. Confirm that your AI scribe vendor meets the same standard.
3. Encryption in transit (TLS 1.2 or higher). All data transmitted between your device, the AI system, and the vendor's servers must use TLS 1.2 or higher. Weaker protocols can be exploited. Ask the vendor to confirm their transport layer security version in writing.
4. SOC 2 Type II certification. A SOC 2 Type II audit is conducted by an independent third party and verifies that a vendor's security controls have been operating effectively over a sustained period, typically six to twelve months. It is a stronger assurance than a self-attestation.
Medesk holds SOC 2 Type II certification. Any compliant AI scribe vendor should be able to produce their audit report on request.
5. Defined data retention and deletion policies. Your vendor must have a documented policy specifying exactly how long PHI, including audio recordings and transcripts, is retained and when it is deleted. Acceptable policies state that audio recordings are purged immediately after the clinical note is generated. Vague answers about "standard retention practices" are not sufficient.
6. Comprehensive audit logs. A HIPAA-compliant system must maintain audit logs that record who accessed PHI, when, and what actions were taken. These logs are essential for demonstrating compliance during an audit and for investigating any potential breach. Confirm that the AI scribe tool produces exportable, tamper-evident audit logs.
7. Role-based access controls. Not every staff member needs access to every patient record. The vendor's system must support role-based access so that PHI is accessible only to those with a clinical or operational need. This is a direct requirement of the HIPAA Security Rule's access control standards.
![access_permission [en]](/i/2ZoEpAB4euLkni0H2yalK8/0d4824cdb897d185d24deb6c0a9b7bdc/accessperm.png?w=700)
8. A clear model training policy. This is a critical and frequently overlooked item. Ask whether the vendor uses patient data, including audio recordings, transcripts, or generated notes, to train or improve their AI models. Any use of PHI for model training without explicit patient authorization is a HIPAA violation. The BAA and privacy policy must explicitly prohibit this.
9. Breach notification procedures. Under HITECH, vendors must notify covered entities of a data breach within 60 days of discovery. Your BAA should specify a faster internal notification timeline, typically 24 to 72 hours. Confirm the vendor's breach notification procedure before signing anything.
10. Sub-processor disclosure. AI scribe tools often use third-party cloud providers or NLP services as sub-processors. Your vendor must disclose all sub-processors handling PHI and confirm that each has signed an appropriate data processing agreement. Unknown sub-processors represent uncontrolled PHI exposure.
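Items 6 and 7 above (tamper-evident audit logs and role-based access) can be illustrated together. The following added example, which is not code from the original article or from any scribe vendor, keeps a hash-chained access log in which each entry commits to the previous one, so editing or deleting an earlier record is detected on verification; the role policy and user names are constructed for illustration.

```python
import hashlib
import json
from datetime import datetime, timezone

# Constructed role policy (an assumption for this example, not the article's):
# which roles may perform which actions on PHI held by the scribe platform.
ROLE_PERMISSIONS = {
    "clinician": {"read_note", "edit_note", "sign_note", "read_audio"},
    "front_desk": {"read_consent", "record_consent"},
    "billing": {"read_note"},
}


class TamperEvidentAuditLog:
    """Append-only, hash-chained log of PHI access decisions.

    Each entry stores the SHA-256 of the previous entry, so changing or
    removing any earlier record breaks the chain when verify() is run.
    """

    GENESIS = "0" * 64  # previous-hash value for the first entry

    def __init__(self):
        self.entries = []

    @staticmethod
    def _digest(prev_hash, record):
        # Canonical JSON so the same record always hashes the same way.
        payload = json.dumps(record, sort_keys=True, separators=(",", ":"))
        return hashlib.sha256((prev_hash + payload).encode()).hexdigest()

    def append(self, user, role, action, record_id, allowed, when=None):
        prev = self.entries[-1]["hash"] if self.entries else self.GENESIS
        record = {
            "ts": (when or datetime.now(timezone.utc)).isoformat(),
            "user": user, "role": role, "action": action,
            "record_id": record_id, "allowed": allowed,
        }
        self.entries.append({"record": record, "prev": prev,
                             "hash": self._digest(prev, record)})

    def verify(self):
        """Return the index of the first broken link, or -1 if the chain is intact."""
        prev = self.GENESIS
        for i, entry in enumerate(self.entries):
            if entry["prev"] != prev or entry["hash"] != self._digest(prev, entry["record"]):
                return i
            prev = entry["hash"]
        return -1

    def export(self):
        """Exportable form: one JSON line per entry, suitable for an auditor."""
        return "\n".join(json.dumps(e, sort_keys=True) for e in self.entries)


def access_phi(log, user, role, action, record_id):
    """Enforce the role policy and log the decision, allowed or denied."""
    allowed = action in ROLE_PERMISSIONS.get(role, set())
    log.append(user, role, action, record_id, allowed)
    return allowed
```

Denied attempts are logged as well as successful ones, since an audit trail that records only granted access cannot show who tried to reach records outside their role.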
When "HIPAA-Compliant" Is Just Marketing
Compliance theater is a real problem in the AI documentation software market. It refers to the practice of using the language and appearance of compliance without the legal accountability behind it. Recognizing it can protect your practice from a significant data breach and the regulatory penalties that follow.
The most common red flags include:
- No BAA offered or BAA available only on request with delays. A vendor serious about HIPAA compliance has a standard BAA ready to execute. Friction around BAA signing is a warning sign.
- Free AI scribe tools with no documented security controls. Free tools frequently lack the infrastructure and legal frameworks required for PHI handling. If there is no BAA, there is no compliance, regardless of what the website says.
- Vague language about model training protocols. Statements like "we may use anonymized data to improve our services" can mask the use of PHI for model training. Anonymization is a defined process under HIPAA; not all vendors apply it correctly.
- PHI exposure through undisclosed third parties. If a vendor cannot name their sub-processors, you cannot assess the full scope of PHI exposure.
- No SOC 2 Type II report available. Self-certified compliance without independent verification is not sufficient for a tool handling sensitive patient data.
Effective data breach prevention requires evaluating vendors critically, not just reading their compliance page. If a vendor cannot answer direct questions about their security architecture, that tells you everything you need to know.
Technical Deep Dive: Encryption, Anonymization, and Storage
For IT managers and compliance officers who need to go beyond the checklist, this section addresses the technical specifics of what happens to patient data inside an AI scribe system.
When a clinician uses an ambient AI tool during a consultation, the audio recording is captured either on-device or streamed directly to the vendor's cloud infrastructure. The critical question is what happens to that audio after the clinical note is generated.
A compliant AI scribe must delete the raw audio recording from its servers immediately after the note is produced. Retaining audio files constitutes unnecessary PHI retention and increases breach risk with no clinical benefit. Ask your vendor to confirm their audio deletion timeline and request that this commitment be included in the BAA.
Data residency is also a relevant consideration. PHI must be stored on servers located within the United States to remain subject to US HIPAA jurisdiction. If a vendor uses international data centers, you need a documented legal basis for that cross-border transfer.
De-identification of data, when a vendor claims to use it, must follow one of HIPAA's two recognized methods:
- the Expert Determination method
- the Safe Harbor method
Data that does not meet these standards is not legally de-identified, even if the vendor describes it as anonymized. This distinction matters when evaluating whether PHI is being used for model training or analytics.
Key encryption standards to verify:
- AES-256: Required for data at rest on vendor servers and backup storage
- TLS 1.2 or higher: Required for all data in transit between endpoints
- End-to-end encryption: Preferred for audio recording transmission from the point of capture
Medesk applies these encryption standards as part of its core security architecture, with data retention and deletion policies that are documented, enforced, and auditable. Any AI scribe you deploy should meet these same baseline requirements.
Vendor Vetting Questions to Ask Sales Representatives
Use these specific questions during vendor evaluation to cut through the pitch and assess real compliance posture.
- "Can you provide a fully executed BAA today, and who on your team has authority to sign it?"
- "Do you use any patient data, including audio, transcripts, or notes, for model training or AI improvement? Is this explicitly prohibited in your BAA?"
- "What is your breach notification timeline to covered entities, and where is that commitment documented?"
- "Who are your sub-processors, and does each one have a signed data processing agreement?"
- "Can you provide your most recent SOC 2 Type II audit report?"
- "Where are your servers physically located, and do you use any non-US data centers?"
- "What are your data retention periods for audio recordings, transcripts, and generated notes?"
- "How do your access controls work, and can you demonstrate role-based access configuration?"
These questions constitute a practical vendor verification security checklist. A vendor with nothing to hide will answer them directly. Evasive or incomplete answers warrant escalation to your compliance officer before proceeding.
The 3-Step Workflow: Verify, Record, Review
Integrating a compliant AI scribe into the clinical workflow does not need to be complex, but it does require discipline. The clinician retains full legal responsibility for every clinical note generated, regardless of whether it was produced by a human or an AI system. A clear three-step process supports both compliance and clinical quality.
Step 1: Verify consent before the encounter begins.
Before the AI tool is activated, confirm that the patient has been informed and has provided consent for the session to be transcribed. This can be completed during check-in or at the start of the appointment. Consent should be documented in the patient record.
Step 2: Record the consultation using the AI scribe.
The ambient AI tool captures the conversation and processes it to generate a draft transcript and structured clinical notes. The clinician focuses on the patient rather than a keyboard. The tool handles the documentation framework.
Step 3: Review, edit, and sign the generated note.
Before the note is finalized, the clinician must review the AI-generated output for clinical accuracy, completeness, and appropriate detail. Errors in AI-generated notes carry the same legal and clinical risk as errors in manually documented records. No note should be signed without human review.
This verify, record, review cycle makes AI scribing both efficient and defensible. The documentation benefits are realized without transferring clinical responsibility to the software.
Special Considerations: Psychotherapy Notes and State Laws
Most HIPAA compliance discussions treat all clinical documentation as equivalent. However, psychotherapy notes occupy a distinct legal category under HIPAA that requires additional protections beyond standard PHI handling.
Under the Privacy Rule, psychotherapy notes are defined specifically as notes recorded by a mental health provider documenting or analyzing the contents of a counseling session. These notes must be stored separately from the rest of the medical record and require separate patient authorization for disclosure in almost all circumstances.
Standard treatment, payment, and operations authorizations that cover ordinary PHI do not apply to psychotherapy notes.
If you are a mental health provider considering an AI scribe, you must confirm with your vendor that psychotherapy notes can be designated, stored, and access-controlled separately from general clinical records. Many AI scribe tools are not designed with this distinction in mind, which creates a specific compliance gap for mental health practices.
Additionally, state law may impose requirements that exceed federal HIPAA standards. For audio recording and patient consent specifically, states including California, Florida, Illinois, and Pennsylvania have two-party consent statutes. A HIPAA-compliant workflow at the federal level may still violate state law if verbal disclosure requirements are not met. Always verify both federal and applicable state requirements before deployment.
The HIPAA Security Rule sets a floor, not a ceiling. Building a compliance program that accounts for state-specific obligations ensures that your practice is protected across all relevant legal frameworks.
How to Talk to Patients About AI in Your Practice
Obtaining informed consent before using an AI scribe is a legal and ethical requirement. In certain states, two-party consent laws require that all parties to a recorded conversation give explicit permission before recording begins. Even where one-party consent is the legal standard, verbal disclosure is a professional obligation that supports transparency and patient trust.
Clear patient communication also helps maintain the integrity of the therapeutic relationship, particularly in sensitive specialties. A privacy notice covering AI use should be included in your intake documentation and explained at the first visit.
Here are practical verbal disclosure scripts your team can use:
For general clinical settings:
"Before we begin today, I want to let you know that I use an AI transcription tool to help me document our conversation. The tool creates a summary of our discussion that I review and finalize. Your information is protected using healthcare-grade security standards and is not shared with anyone outside your care team. Do you have any questions about that, and do you consent to proceeding?"
For therapy and counseling settings:
"I use AI-assisted documentation software to help me take notes during our sessions. The tool records our conversation to create a draft note, which I review and edit before saving. I want to make sure you understand how your information is handled and that you're comfortable with this before we start. I'm happy to explain further or discuss alternatives if you prefer."
These scripts support informed consent documentation standards and give patients a clear, honest account of what is happening with their data.

Medesk's patient consent management features allow practices to record and store documented consent alongside the patient record, creating an auditable trail that supports compliance. For guidance on building broader patient communication policies that align with these requirements, additional resources are available to help practices standardize their approach.
Every clinical note generated in your practice contains sensitive patient data. The platform managing that data should be held to the highest possible standard. Medesk makes that standard achievable without adding administrative burden to your team.

Explore how Medesk's practice management software can support your compliance program and start for free with our team today.
Frequently Asked Questions
- Is a Business Associate Agreement required for AI scribes?
Yes. Any AI scribe that creates, receives, maintains, or transmits Protected Health Information acts as a Business Associate under HIPAA. A signed BAA is legally required before any PHI is processed by the tool.
- What are the red flags for non-compliant AI documentation tools?
Vague security language, refusal or delays in signing a BAA, absence of SOC 2 Type II certification, use of patient data for model training, and unclear data retention policies are all significant warning signs.
- Do AI scribes use patient data to train their models?
Some vendors do. This represents a serious PHI exposure risk. Your BAA and terms of service must explicitly state that PHI is never used for model training or AI improvement purposes.
- How do I disclose AI scribing to patients and get consent?
Provide a clear verbal disclosure at the start of the encounter, explaining what the tool does, what data is captured, how it is protected, and who reviews it. Document consent in the patient record.
- What encryption standards should be in place?
AES-256 encryption for data at rest and TLS 1.2 or higher for data in transit are the required minimums. End-to-end encryption from point of capture is the preferred standard.
- Are there specific HIPAA requirements for AI-generated notes versus human transcription?
No. The HIPAA Security Rule applies equally to all forms of PHI. AI-generated clinical notes carry the same protection requirements as notes produced by human transcriptionists.