We know that electronic medical record (EMR) vendors and other developers are increasingly offering “AI scribe” services that summarize or transcribe conversations with patients into detailed medical notes for physicians. Some tools now also generate referral letters and reminders, and may provide suggestions (e.g. possible diagnoses, treatments or prescriptions).
Most Colleges have stated that physicians using AI scribes should obtain consent, be accountable for the accuracy of chart entries, and recognize the risks relating to privacy and bias.
Here are some of the main questions CMPA has been getting about these services.
Do I need to obtain consent from the patient before using an AI scribe?
Yes, prior to making any recording of a clinical encounter, you should obtain patient consent.
The patient should receive an explanation in understandable language about the purpose of the recording or transcription (e.g. that it may be used by the AI tool to draft a medical note of the visit, which you will review and edit). When obtaining consent, clearly explain the risks relating to privacy (e.g. inherent risks associated with digital processing) and accuracy (e.g. AI may produce inaccurate or biased chart entries, though subject to physician review and oversight). Document the consent discussion in the patient’s medical record, and include any consent form if used.
What steps do I need to consider to ensure the accuracy or reliability of the patient note?
AI may “hallucinate,” misinterpret information, or introduce biases. As a result, you should review the medical notes transcribed by AI scribes to prevent incorrect information from becoming part of the patient’s medical record. Colleges also require physicians to review their records to ensure accuracy and completeness.
A patient who is injured because of an error in an unreviewed chart entry may launch a hospital complaint, College complaint, human rights complaint, or a legal action depending on the nature of any harm they have suffered and the impact of the alleged inaccuracy.
While it is possible the AI scribe company could also bear some responsibility for injury resulting from an inaccurate transcription, the terms of use will often require physicians to review and take responsibility for any chart entry.
How should I review whether the service meets privacy and security requirements under privacy legislation?
AI scribe technology can involve the collection and transfer of health information to the AI scribe vendor, so that it can be processed by the AI tool. Some AI scribe companies may also store this information on their servers (either inside or outside Canada).
Physicians should therefore consider whether the AI scribe they intend to use meets the applicable privacy requirements in their jurisdiction. For example, privacy legislation generally requires custodians to implement reasonable safeguards to protect personal health information under their control (e.g., encryption), and to ensure patient information is only used as needed to provide the service (e.g., not for secondary purposes such as model training or product improvement). If you are the custodian, it is also important to consider whether your clinic privacy policy mentions AI scribe use, and whether information may be processed or stored outside Canada.
In some jurisdictions, a privacy impact assessment (PIA) may also be required (or encouraged by the College or Privacy Commissioner) before using a new tool such as an AI scribe. For example, in Quebec and Alberta, PIAs are generally required before implementing new AI systems, and Quebec also requires a PIA before patient information is transferred outside of Quebec.
If you work in a hospital or facility in which you are not the custodian, you should raise the proposed use of an AI scribe with facility administration to review privacy compliance obligations and ensure you are authorized to use the tool.
What are some key issues to consider when selecting and implementing an AI scribe?
As with any tool, consider how it will improve care compared to existing practices and consult with colleagues and professional associations who may have experience with the tool. Procurement programs now exist that assess AI scribe vendors against clinical, privacy, and security requirements.1
The following questions reflect characteristics and risks specific to AI. Physicians may wish to review them with their personal or business counsel and, where relevant, their provincial/territorial medical association:
Validation and post-deployment monitoring: Has the vendor disclosed the validation context (intended populations/settings) and known limitations so you can assess suitability for your practice? What monitoring plan is in place to ensure performance of the AI scribe tool remains acceptable over time?
Privacy and security: Has the vendor agreed to comply with applicable privacy legislation and confidentiality obligations, maintain appropriate privacy policies and safeguards (e.g., encryption, role-based access), use patient information only as needed to provide the service, retain patient information only as long as necessary with clear timelines for deletion, and report any security or privacy breach promptly?
Interoperability: Does the tool integrate seamlessly and safely with your EMR system?
Liability and indemnification: Does the contract avoid blanket clauses that shift all risk to the physician? For example, does the vendor accept responsibility for its own privacy or security failures? Is each party generally responsible for the consequences of their own negligence?
What record keeping obligations should be considered with AI scribe recordings of the patient encounter?
While the final chart entry is subject to record retention requirements, a majority of Colleges do not generally address whether audio recordings or transcripts of this nature must also be kept in the patient’s chart.
However, guidance from the Collège des médecins du Québec suggests these recordings and verbatim transcripts qualify as draft aids, which should be destroyed after the chart entry has been finalized. It is therefore important to be familiar with and follow applicable College guidance on AI scribes in your province or territory.
When you are not the custodian, you are encouraged to work with hospital or facility administration to find ways to retain any clinically relevant information that may be required.
Some health authorities and institutions may also have policies on the retention or destruction of recordings of patient encounters.
Because AI tools and guidance continue to evolve, CMPA is monitoring developments and will update this article as needed.
Additional reading
References
-
