Free for a week, then $19 for your first month
Expert Advice

HIPAA-Compliant AI Notes: The 12-Point Vendor Due Diligence Framework

A comprehensive 12-point framework to vet AI scribes for true HIPAA compliance and data security

Dr. Eli Neimark's profile picture
By  Dr. Eli Neimark Dr. Eli Neimark profile pictureDr. Eli NeimarkLicensed Medical Doctor

Dr. Eli Neimark is a certified ophthalmologist and accomplished tech expert with a unique dual background that seamlessly integrates advanced medicine with cutting‑edge technology. He has delivered patient care across diverse clinical environments, including hospitals, emergency departments, outpatient clinics, and operating rooms. His medical proficiency is further enhanced by more than a decade of experience in cybersecurity, during which he held senior roles at international firms serving clients across the globe.

 , Licensed Medical Doctor
6 min read Expert Verified How is this page expert verified? At Twofold Health, we take the accuracy of our content seriously. "Expert verified" means our Clinical Advisory Board — practicing clinicians and industry experts — has thoroughly evaluated the article for accuracy, clarity, and relevance. They hold us accountable for delivering trustworthy resources clinicians can rely on. About our Review Board
Reviewed by  Dr. Dora Matis Dr. Dora Matis profile pictureDr. Dora MatisLicensed Medical Doctor

Dr. Dora Matis is a licensed medical doctor currently working as a psychiatrist and psychotherapist at a leading clinic in Germany. With a strong passion for mental health and holistic care, she combines clinical expertise with a compassionate approach to patient well‑being. Beyond her clinical practice, Dr. Matis is actively involved in medical research and has published several articles across various fields of medicine, reflecting her dedication to advancing medical knowledge and improving patient outcomes.
HIPAA-Compliant AI Notes: The 12-Point Vendor Due Diligence Framework Hero Image

The rise of AI medical scribes offers a powerful antidote to physician burnout, automating documentation to restore the doctor‑patient connection. However, this digital cure carries significant risk. While vendors frequently market themselves as "HIPAA-compliant," this claim is often superficial. True compliance is a shared responsibility, and marketing phrasing frequently masks critical gaps in data setup, audit trails, and poorly executed Business Associate Agreements (BAAs).

Adopting the wrong tool can ultimately lead to data exposure. Therefore, organizations must employ a technical due diligence framework to distinguish secure solutions from high‑risk tools.

Applying this 12‑point framework allows healthcare providers to utilize the efficiency of HIPAA-compliant AI scribes while protecting patient trust and maintaining regulatory integrity.

The Difference Between a “HIPAA Complaint” Feature vs. Framework

In the procurement process, it is common for vendors to present HIPAA compliance as just another bullet point on a spec sheet, often placed next to features like "mobile accessibility" or "cloud sync."

HIPAA compliance, specifically the Security Rule, is an ongoing risk management framework. It requires the implementation of three distinct safeguard categories:

  • Administrative Safeguards: Policies, procedures, and risk analyses that govern workforce behavior.
  • Physical Safeguards: Controls limiting access to facilities and workstations.
  • Technical Safeguards: The technology protecting data in transit and at rest.

A vendor might overstate about "end‑to‑end encryption" (a technical safeguard) but neglect to mention they lack a documented disaster recovery plan (an administrative safeguard) or that their developers have access to production databases (a physical/technical gap).

Compliance requires all three pillars; a vendor offering just one is offering a false sense of security.

The Shared Responsibility Model

Many healthcare organizations operate under the misconception that signing a contract with a vendor transfers all liability. In reality, HIPAA operates on a shared responsibility model, where the covered entity (you) retains ultimate accountability.

Under the HIPAA Privacy and Security Rules, if your Business Associate (the AI scribe vendor) suffers a breach, it is your patient data that was exposed, and it is your obligation to notify. The Office for Civil Rights (OCR) will investigate your adherence to the Security Rule. If you failed to verify the vendor's safeguards or signed an inadequate BAA, the OCR considers you non‑compliant.

The 12-Point Vendor Due Diligence Framework

Use this checklist when evaluating any AI scribe platform.

1. The Business Associate Agreement (BAA)

A BAA is the foundation of your vendor relationship. You must ensure the BAA explicitly covers the specific data processing activities of the AI, including voice capture, transcription, natural language processing (NLP), and long‑term storage.

  • Example: Many AI scribes use third-party Large Language Models (LLMs) to generate summaries. If the vendor’s BAA does not explicitly prohibit the use of your data for "model training" or "service improvement," the LLM provider may retain your PHI to refine their algorithms.
    • Once data is used for training, it becomes difficult to delete or audit, effectively removing it from your control under the "minimum necessary" standard. Ensure the BAA includes a clause that your data is for inference only and is immediately deleted after processing.

2. Data Residency & Sub-Processors

Request a current list of all sub‑processors. If the vendor relies on a service such as OpenAI's API or Anthropic's Claude, you must verify that the vendor has a Business Associate Agreement with that sub‑processor.

3. Encryption: At Rest and In Transit

Encryption is the minimum technical requirement for protecting ePHI.

  • In Transit: Verify TLS 1.3 is in use. Refuse vendors using older protocols like TLS 1.1 or SSL.
  • At Rest: AES-256 encryption is the industry standard for data stored on servers and databases.

4. Auditing and Accountability (PHI)

The HIPAA Security Rule requires the ability to track activity in information systems containing ePHI. The AI platform must generate audit logs that record every interaction with patient data.

5. Authentication & Access Controls

Shared passwords or simple email/login credentials are unacceptable for ePHI access.

  • Support for Single Sign-On (SSO) via SAML 2.0 or OIDC, integrated with your identity provider (Okta, Azure AD, etc.). This ensures that when a physician leaves your practice, their access is revoked immediately across all systems.
  • MFA: Multi-Factor Authentication must be enforced for all administrative accounts and ideally for all users.
  • Role-Based Access Control (RBAC): Can you configure the system so a medical assistant can view a schedule but cannot modify a clinical note, while a physician can do both? RBAC is essential for adhering to the "minimum necessary" standard.

6. Model Training and Data Retention Policies

You must explicitly prohibit the vendor from using your clinical data to train their foundational models. Look for language regarding a "closed loop" system where your data is siloed.

  • Retention: You must control the data lifecycle. Can you configure the system to automatically delete raw audio files 30 days post-encounter while retaining the finalized text note indefinitely? Auto-deletion policies minimize your breach surface area.

7. Third-Party Audits & Certifications

A vendor's word is not enough. They must provide evidence of independent audits.

  • SOC 2 Type II: This report proves that the vendor’s controls have been audited for effectiveness over a period of time (usually 6-12 months).
  • HITRUST CSF: This is a certifiable framework that incorporates HIPAA, ISO, and NIST standards. It is a much more rigorous and expensive audit to pass, signaling a higher level of security maturity.

8. Breach Notification Protocol

HIPAA requires covered entities to notify affected individuals within 60 days of a breach discovery. Your contract must obligate the vendor to notify you immediately upon their discovery of a breach, not 60 days later. If they take 30 days to tell you there was a breach, you have only 30 days left to investigate and notify patients. The contract should stipulate notification within 24‑72 hours of verification.

9. API Security & Integration

The integration point between the AI scribe and your EHR is a common vulnerability.

  • Secure Tokens: Ensure the integration uses OAuth 2.0 tokens for authorization, rather than storing your master EHR username and password on the vendor's server.
  • API Rate Limiting: Ask if the vendor’s API has rate limiting to prevent a malicious script from pulling thousands of notes in seconds.
  • Scoped Access: Does the API connection use "scoped" access, meaning it can only write to the "Encounter Notes" field and cannot read the entire patient demographic database?

10. Ambient Data Collection

Ambient AI scribes use a smartphone or wearable microphone to listen to the conversation.

  • Data Minimization: What exactly is being streamed? Is it just the audio, or does the app collect telemetry such as GPS coordinates, accelerometer data, or a list of nearby Wi-Fi networks? If the app collects location data during a home health visit, that GPS coordinate becomes part of the ePHI record.

11. Redaction and Anonymization Logic

AI can sometimes "hallucinate" or be overly sensitive. If a patient mentions sensitive information to the doctor in passing, the AI should be smart enough to exclude that from the medical record.

  • What to Do: Ask how they handle "incidental capture", for example, if a family member in the room speaks and mentions sensitive information not related to the patient's care. The vendor should have a logic layer that distinguishes between relevant clinical dialogue and ambient noise or off-topic conversation.

12. End-of-Life and Data Migration

Vendor lock‑in is a business risk, but data hostage is a compliance risk.

  • Data Export: The contract must guarantee your right to a full, structured export of all PHI in a commonly readable format (e.g., JSON, CSV, or HL7/FHIR standards) upon termination.
  • Certified Destruction: Following the export, the vendor must provide written certification that they have purged your data from all production and backup systems, including logs and caches, in accordance with HIPAA’s data disposal requirements.

Conclusion

The promise of AI medical scribes is undeniable. By automating the process of clinical documentation, they offer a path back to meaningful patient interactions and a cure for the burnout crisis in the healthcare workforce.

However, as outlined above, the rush to adopt this technology cannot come at the cost of patient privacy or regulatory integrity. A vendor's interface and claims of being "HIPAA compliant" are not substitutes for independent audits and contractual protections. The liability for a data breach rests firmly on your organization.


References

Alder, S. (2026, January 3). HIPAA Privacy Rule - Updated for 2026. The HIPAA Journal.

Alder, S. (2026, January 29). HIPAA Security Rule - Updated for 2026. The HIPAA Journal.

Choi, A., & Mei, K. X. (2025, March 21). What are AI hallucinations? Why AIs sometimes make things up. The Conversation.

Stanger, K. (2023, October 19). Business Associate Agreements: Requirements and Suggestions. Holland & Hart LLP.

FAQ

Frequently asked questions

  • Is it legal to record patient encounters with an AI scribe?

    Yes, it is legal, but it requires explicit patient consent.

    • One-Party vs. All-Party Consent: In most states, only one person (the clinician) needs to consent to the recording. However, in states like California, Florida, and Pennsylvania, all-party consent is required, meaning the patient must be notified and agree to the recording.
    • Notice is Key: Best practice dictates that you notify the patient before the encounter begins, regardless of state law. This is often done via a signed consent form at intake or a verbal notification captured by the AI itself.
    • The Recording vs. The Note: Remember that the audio file is itself PHI. Your due diligence must include where that file is stored, how it is encrypted, and the policy for its automatic deletion.
  • What happens to the raw audio recording after the AI generates the note?

    The future of the audio file is a critical compliance variable that must be stated in your BAA and data retention policies.

    • Processing: The best AI scribe tools process the audio in real-time or delete the raw file immediately after the note is generated, leaving only the text transcript.
    • Retention for Model Improvement: Some vendors retain audio files to manually review and improve their AI models. You must explicitly prohibit this unless you have patient consent for this secondary use.
    • Your Control: The ideal scenario is having configurable retention rules. For example, you might set the system to auto-delete audio files after 30 days to allow for note review, but ensure they are permanently purged from backups thereafter, minimizing your breach surface area.
  • How do AI scribes handle sensitive information overheard during a session (e.g., a patient discussing finances or family issues)?

    This depends on the AI's "redaction logic" and configuration, which is why testing this feature is point #11 in our framework.

    • Clinical vs. Non-Clinical: A well-trained AI scribe should distinguish between clinically relevant information (e.g., "I've been feeling depressed since my father passed away") and incidental personal information (e.g., "I still need to pay my credit card bill"). The former belongs in the note; the latter should be excluded.
    • Hallucination Risk: There is a risk that the AI might misinterpret a sensitive off-hand comment and erroneously include it as a clinical finding. This is why a clinician review is mandatory before the note is finalized in the EHR.
    • Best Practice: Look for vendors that allow you to customize the AI's instructions. You can explicitly tell the AI to "exclude all financial discussions" or "only include information related to the presenting problem," giving you control over the output.
More

Continue reading