HIPAA and AI Scribes: BAAs, Consent, and What to Verify

By Patient Square Team · 12 min read

Can an AI scribe be HIPAA compliant? It can be used in a HIPAA-compliant way. But no software product is "HIPAA certified," because HHS certifies nothing and recognizes nobody else's certificate. Compliance lives in the arrangement, not the badge: a signed BAA before patient information flows, Security Rule safeguards you can verify, and patient consent that satisfies your state's recording law.

That's the whole framework in one sentence. The rest of this guide is the verification work. What the BAA must actually say, the twelve questions that separate a compliant vendor from a confident one, and the state-by-state consent table for the part HIPAA doesn't cover: recording the room.

Key takeaways

  • "HIPAA-certified software" doesn't exist. HHS says no standard requires certifying compliance, and OCR does not certify any person or product as HIPAA compliant.
  • A missing BAA is a violation by itself. OCR settled with one Illinois practice for $31,000 after it shared 10,728 patients' records with a vendor. No signed agreement, and that was the whole case.
  • Eleven states require all-party consent to record a conversation. Which eleven depends on whether you mean the exam room or the telehealth call.
  • 45 CFR 164.504(e) dictates what your vendor's BAA must contain, down to subcontractors and what happens to PHI when you cancel.
  • Audio that's never stored still requires consent. The statutes regulate the act of recording, not the archive.

Why "HIPAA-certified" software doesn't exist

Start with the words of the agency that enforces HIPAA. HHS's own FAQ on the Security Rule is blunt: there is no standard or implementation specification that requires a covered entity to "certify" compliance, and HHS does not endorse or otherwise recognize private organizations' certifications. OCR's guidance on misleading marketing goes further. It does not certify any persons or products as "HIPAA compliant," and a private seal does not shrink your legal obligations by one clause.

So when a vendor's homepage wears a "HIPAA Certified" badge, one of two things is true. Either the vendor paid a third party for an assessment and is over-labeling it, or marketing wrote the compliance page without checking with anyone. We think that badge is the single most useful tell in this market. The vendors who understand the rule say "compliant-ready" or "aligned," and the best of them just show you the actual artifacts. A BAA they'll sign. Named encryption standards. An audit status stated honestly.

Honest phrasing sounds like ours, and we'd hold any vendor to the same bar: safeguards mapped to the HIPAA Security Rule, a BAA available for every customer, SOC 2 Type II audit underway. Underway means underway. If a vendor's badge claims more than its contract will, believe the contract.

What makes AI scribe use HIPAA-compliant in practice?

Three legs, and you control two of them.

A signed BAA, before the first real visit. The vendor handles protected health information on your behalf, which makes it a business associate. The Privacy Rule requires the written agreement first; details in the next section.

Security Rule safeguards, verified rather than assumed. Administrative, physical, and technical: encryption in transit and at rest, access limited by role, activity logged, a breach process that exists on paper before it's needed. You can't audit a vendor's data center, but you can demand specific answers. The checklist below is built for that.

Consent that satisfies your state's recording law. HIPAA itself never says "ask the patient before using a scribe." Treatment use of PHI needs no signed authorization, a point MGMA's guidance on AI consent forms makes as well. The duty to ask comes from state wiretap and eavesdropping statutes, and from running the kind of practice where patients are told who's listening.

For orientation: AI Scribe by Patient Square is an ambient AI medical scribe that listens during the visit and hands back a structured SOAP note, ICD-10 suggestions, and a prescription draft, all ready to review and sign about two minutes after the visit. If you're still mapping the category itself, start with our plain-English explainer on how AI scribes work, then come back for the paperwork.

Do you need a BAA with an AI scribe vendor?

Yes. Not as a best practice, but as the precondition for the disclosure being legal at all.

The cautionary case is small-practice-sized. In 2017, OCR settled with the Center for Children's Digestive Health, an Illinois pediatric group, for $31,000. The practice had shared 10,728 patients' records with a storage vendor; when OCR asked for the signed business associate agreement, neither side could produce one. The missing contract was enough. HHS's own headline for the resolution: "No Business Associate Agreement? $31K Mistake."

A real BAA isn't a vibe, either. 45 CFR 164.504(e)(2) spells out what the contract must establish:

  • Permitted uses and disclosures: exactly what the vendor may do with PHI, and nothing that would violate the Privacy Rule if you did it yourself. (e)(2)(i)
  • Safeguards: the vendor must use appropriate safeguards and comply with the Security Rule for electronic PHI. (e)(2)(ii)(B)
  • Reporting: any use or disclosure outside the contract, including breaches, gets reported to you. (e)(2)(ii)(C)
  • Subcontractor flow-down: anyone the vendor hands your PHI to agrees to the same restrictions. (e)(2)(ii)(D)
  • Patient-rights support: the vendor makes PHI available for access, amendment, and accounting of disclosures. (e)(2)(ii)(E)–(G)
  • Return or destruction at termination: when you leave, PHI comes back or is destroyed, or the protections follow it. (e)(2)(ii)(J)
  • Termination for cause: you can end the contract if the vendor materially violates it. (e)(2)(iii)

Two traps worth naming. First, a clause buried in a SaaS terms-of-service is not a BAA. You need a contract that satisfies 164.504(e), signed, and producible on request, because "producible on request" is precisely what the $31,000 settlement was about. Second, the subcontractor clause matters more for AI scribes than for almost any other practice software: your audio may pass through a speech-recognition engine, a language-model API, and a cloud host. Flow-down means each of them is bound, not just the brand on the invoice.

And one ask the regulation doesn't require but you should make anyway: a written commitment on whether PHI is used to train models. Get it in the BAA or an attached data-processing addendum, not in a sales email.

The 12-question vendor checklist

Run every vendor through these, including us. The regulation or reason sits behind each one.

| # | Ask the vendor | A good answer looks like |
|---|---|---|
| 1 | Will you sign a BAA for a practice my size, and when? | Yes, for every customer including solo, signed before any real patient visit. Tier-gated BAAs are a red flag. |
| 2 | Is the BAA a standalone signed contract or a ToS clause? | A standalone agreement meeting 45 CFR 164.504(e), countersigned, copy in your files. |
| 3 | Do your subcontractors (ASR, LLM APIs, cloud) have their own BAAs? | Yes, named or described, with flow-down per (e)(2)(ii)(D). "We can't discuss our stack" is not an answer. |
| 4 | What happens to visit audio, and when is it deleted? | One sentence with a timeline. Vague retention language means indefinite retention. |
| 5 | How is PHI encrypted in transit and at rest? | Named standards: TLS 1.2+ in transit, AES-256 at rest, or equivalent. |
| 6 | Who at your company can access my notes, and is access logged? | Role-scoped access, every access logged, logs reviewable. |
| 7 | Is my patients' data used to train your models? | A written yes-or-no, separately for audio and note text, attached to the BAA. |
| 8 | What is your breach-notification commitment and timeline? | Contractual reporting per (e)(2)(ii)(C), with a stated clock, not "we follow applicable law." |
| 9 | Which third-party audits are complete, and which are in progress? | Honest status. "SOC 2 Type II underway" is a real answer; "HIPAA certified" is a tell (see above). |
| 10 | Who owns the notes, and can I export or delete them? | The practice owns them; export or delete any visit, anytime, no ticket required. |
| 11 | What happens to PHI if I cancel? | Return or destruction per (e)(2)(ii)(J), with a timeline, in the contract. |
| 12 | Can I see the consent workflow you recommend for patients? | A script and documentation pattern, plus a straight acknowledgment that consent is your obligation and they'll make it easy. |

How we answer the same twelve, on the record: a BAA for every customer, solo practices included. TLS 1.2+ in transit, AES-256 at rest. Visit audio is processed in memory and discarded once the note is drafted, so there is no audio archive to retain, train on, or breach. Access is role-scoped and logged. Notes belong to your practice; export or delete any visit anytime, and we never sell or share clinical data. SOC 2 Type II audit underway, that phrase exactly, nothing grander. On training and note text, ask us in the demo and you'll get the answer in writing, which is the standard you should hold everyone to.

The fastest way to run the checklist is against a live system. Book a short demo and ask for our BAA in the same call. Then ask whether the BAA covers the trial period, a question worth putting to every vendor on your shortlist, us included. 7-day free trial · month-to-month available · audio never stored.

Which states require all-party consent to record a patient visit?

Federal law sets the floor: one party's consent is enough (18 U.S.C. § 2511(2)(d)), and the clinician is a party. Eleven states raise it and require everyone's consent. Per the 50-state survey of recording statutes by law firm Matthiesen, Wickert & Lehrer (chart dated February 2022; we fetched and read it in June 2026), those eleven are California, Delaware, Florida, Illinois, Maryland, Massachusetts, Montana, Nevada, New Hampshire, Pennsylvania, and Washington.

You'll see "12," "13," even "15" in other guides. Nobody's lying. The spread comes from four states with split or unsettled rules, and from a wrinkle that matters specifically to medicine: several statutes treat an in-person conversation differently from a phone or video call. An ambient scribe in an exam room is recording an in-person conversation; the same scribe on a telehealth visit is recording an electronic one. Same tool, different statute.

| State | Exam-room visit | Phone / telehealth | Watch for |
|---|---|---|---|
| California | All parties | All parties | Strictest-state rule for cross-state calls (Kearney) |
| Delaware | All parties | All parties | Older statutes conflict; treat as all-party |
| Florida | All parties | All parties | Exception only where no privacy expectation |
| Illinois | All parties | Contested | 2014 amendment may permit participant recording of calls; treat as all-party |
| Maryland | All parties | All parties | Clear all-party statute |
| Massachusetts | All parties | All parties | Bars secret recording outright |
| Montana | All parties | All parties | Notice of recording can satisfy the statute |
| Nevada | One party | All parties | Flips by mode (Lane v. Allstate on calls) |
| New Hampshire | All parties | All parties | Knowing participation can count as consent (Locke) |
| Pennsylvania | All parties | All parties | Clear all-party statute |
| Washington | All parties | All parties | Announcement at start of recording has a statutory path |
| Connecticut | One party | All parties (civil) | Phone recording without consent risks civil liability |
| Oregon | All parties informed | One party | Reverse mode-flip: in-person requires informing everyone |
| Michigan | Participant may record | Participant may record | Reads all-party; case law says otherwise (Sullivan v. Gray) |
| Vermont | No statute | No statute | Unsettled, so default to consent |

Count the exam-room column and you get eleven all-party-or-informed states; count the telehealth column and you also get eleven, but not the same eleven. Nevada swaps out, Oregon swaps in. That's the trap in every "13 two-party states" listicle: the number depends on which conversation you're having.

Two practical rules fall out. For telehealth across state lines, assume the stricter state's law applies. That's what the California Supreme Court held in Kearney v. Salomon Smith Barney when a Georgia firm recorded calls with California clients. And for everything else: a consent sentence takes five seconds. A practice in Tampa needs it by statute; a practice in Houston needs it because patients talk, and "my doctor records me secretly" is a sentence no practice survives. Get consent everywhere and the map becomes trivia.

One more thing, said plainly: this section is reporting, not legal advice. Statutes get amended and case law moves, so verify your state's current rule with counsel before you write your policy.

Do I still need consent if the scribe never stores audio?

No, and we're the right vendor to say so, because no-stored-audio is our own architecture. Recording statutes regulate the act of capturing a conversation, not the archive you keep afterward. A scribe that processes audio in memory and discards it at note draft is still recording while it listens. Consent still applies. All states.

What the architecture does change is your risk surface: there's no recording to breach, subpoena, or leak, and the consent conversation gets easier to have honestly. The script we suggest is one breath long: "I use a tool that listens and drafts my note so I can focus on you instead of the keyboard. The audio is deleted as soon as the note is written. OK with you?" Then one line in the chart: "Verbal consent to ambient documentation obtained." In all-party states, add a notice in the waiting room and intake forms; MGMA publishes a sample AI consent form for members if you want a template with a committee's fingerprints on it.

What other vendors do with audio is its own buying question. Retention windows range from seconds to indefinite, and almost nobody puts the policies side by side. We did: see the audio-retention comparison across major scribes before you take any vendor's word for it, including ours.

What should a small practice do this week?

The compliance work for an AI scribe is real but small. For a three-clinician practice, it's an afternoon:

  1. Shortlist vendors that answer the twelve questions in writing. A vendor that stalls on questions 1, 4, or 7 has answered them.
  2. Get the BAA signed before the first real patient, and confirm whether it covers the trial period, since you'll be feeding the system real visits from day one.
  3. Adopt the consent script and the one-line chart documentation. Add signage if you're in an all-party state or just want the trust dividend.
  4. Check your telehealth footprint with counsel if you see patients across state lines. The stricter state's recording law is the safe assumption.
  5. File the artifacts (BAA, vendor's written answers, your consent policy) where you can produce them on request. Producible-on-request is the lesson of the $31,000 settlement.

Your notes stay yours through all of it: export or delete any visit, anytime, whichever vendor's logo is on the screen. And if a vendor won't promise that in writing, return to step one.

The receipts behind everything we've claimed here live on our security page, stated in the same plain terms: what's encrypted, who can access what, what's audited, and what isn't done yet. Read it the way you'd read any vendor's: skeptically, checklist in hand, and then test the product on a week of real visits before anyone signs anything long.

HIPAA-aligned · No audio stored · SOC 2 in progress

FAQ

Common questions

Is there such a thing as HIPAA-certified software?

No. HHS states there is no standard that requires certifying compliance, and the Office for Civil Rights does not certify any person or product as HIPAA compliant. A vendor can operate in a compliant way and prove it with a BAA and documented safeguards, but a certificate does not exist.

Do I need a BAA for an AI scribe if I am a solo practitioner?

Yes. An AI scribe vendor that receives or transmits patient information on your behalf is a business associate, and the Privacy Rule requires a written agreement before PHI flows. Practice size does not matter. OCR settled with a single Illinois practice for $31,000 over a missing BAA alone.

Does HIPAA require patient consent to use an AI scribe?

Not directly. HIPAA permits using PHI for treatment without a signed authorization, so the federal privacy rule is not where the consent duty comes from. State recording laws are: eleven states require every party to consent before a conversation is recorded, and an ambient scribe records the visit.

How many states require all-party consent to record a patient visit?

Eleven, per a widely cited 50-state legal survey: California, Delaware, Florida, Illinois, Maryland, Massachusetts, Montana, Nevada, New Hampshire, Pennsylvania, and Washington. Counts of 12 to 15 appear elsewhere because Connecticut, Oregon, Michigan, and Vermont have split or unsettled rules. Simplest policy: get consent everywhere.

Do I still need consent if the scribe never stores audio?

Yes. Recording-consent statutes apply at the moment of capture, not at storage. A scribe that processes audio in memory and discards it is still recording the conversation while it listens, so the consent obligation stands. No-storage architecture changes your breach exposure, not your duty to ask.

What should I ask an AI scribe vendor before signing?

Six things at minimum: a BAA for a practice your size, encryption in transit and at rest, the audio retention policy with a deletion timeline, the training-data policy in writing, access controls with logging, and the breach-notification commitment. The 12-question checklist in this guide covers all six with the regulation behind each.

Is AI Scribe by Patient Square HIPAA compliant?

We do not claim a certification, because none exists. We map our safeguards to the HIPAA Security Rule, sign a BAA with every customer, encrypt PHI with TLS 1.2+ in transit and AES-256 at rest, never store visit audio, and a SOC 2 Type II audit is underway. Check every claim against the checklist here.

Sources

  1. HHS: Are we required to "certify" our organization's compliance with the standards of the Security Rule? (HIPAA FAQ)
  2. HHS Office for Civil Rights: What You Should Know About OCR HIPAA Privacy Rule Guidance Materials (misleading marketing claims)
  3. HHS: No Business Associate Agreement? $31K Mistake (Center for Children's Digestive Health resolution agreement, April 2017)
  4. 45 CFR § 164.504: Uses and disclosures: organizational requirements (business associate contract provisions)
  5. 18 U.S.C. § 2511: federal one-party consent baseline for recording
  6. Matthiesen, Wickert & Lehrer, S.C.: Laws on Recording Conversations in All 50 States (chart last updated Feb 14, 2022; fetched June 2026)
  7. MGMA: Sample Patient Consent Form for Using Artificial Intelligence for Dictation, Transcription (member tool)
