We know that electronic medical record (EMR) vendors and other developers are increasingly offering “AI scribe” services that summarize or transcribe conversations with patients into detailed medical notes for physicians.
Regulatory guidance is continuing to develop, but some Colleges have stated that physicians using AI scribes should proceed with caution and understand the risks involved1.
Here are some of the main questions the CMPA has been getting about these services.
Do I need to obtain consent from the patient before using an AI scribe?
Yes, prior to making any recording of a clinical encounter, you should obtain patient consent.
Some Colleges require the use of a separate consent form for recording clinical encounters, and privacy legislation in some provinces requires written consent prior to the use of a recording device or camera for any purpose. The consent form should explain in understandable language the purpose and potential uses of the recording. Use of a consent form is not a substitute for a proper and informed discussion with patients about the risks associated with the use of the technology, though the form can be used as the basis for an informed discussion with patients.
If the data may also be de-identified and used to improve the algorithm (i.e., allow the AI scribe to “learn”), this should also be explained to the patient.
What steps do I need to consider to ensure the accuracy or reliability of the patient note?
AI may “hallucinate,” misinterpret information, or introduce biases2. As a result, you should review the medical notes transcribed by AI scribes because of the significant risk that incorrect information may become part of the patient’s medical record. Colleges also generally require physicians to review their records to ensure accuracy and completeness.
A patient who is injured as a result of an error in an unreviewed chart entry may launch a hospital complaint, College complaint, human rights complaint, or a legal action depending on the nature of any harm they have suffered and the impact of the alleged inaccuracy.
While it is possible the AI scribe company could also bear some responsibility for injury resulting from an inaccurate transcription, the terms of use will often require physicians to review and take responsibility for any chart entry.
How should I review whether the service meets privacy and security requirements under privacy legislation?
AI scribe technology can involve the collection and transfer of health information to the AI scribe vendor, so that it can be processed by the AI tool. Some AI scribe companies may also store this information on their servers (either inside or outside Canada).
Physicians should therefore consider whether the AI scribe they intend to use meets the applicable privacy requirements in their jurisdiction. For example, privacy legislation generally requires that custodians adopt reasonable safeguards to protect personal health information under their control. If you are the custodian, it will be important to ensure the requisite safeguards are in place, including the use of encryption.
In some jurisdictions, a privacy impact assessment may also be required (or encouraged by the Privacy Commissioner) before using a new tool such as an AI scribe.
If you work in a hospital or facility in which you are not the custodian, you should raise the proposed use of an AI scribe with facility administration to review privacy compliance obligations and ensure you are authorized to use the tool.
What record keeping obligations should be considered with AI scribe recordings of the patient encounter?
While the final chart entry is subject to record retention requirements, legislative and regulatory requirements do not generally address whether audio recordings of this nature must also be kept in the patient’s chart.
Whether or not the recording using the AI scribe needs to be retained in the clinical record depends on whether it meets the definition of clinical information as set out in various provincial/territorial statutes, regulations, and College requirements. You will want to consider whether to store these recordings securely in the patient’s chart for the required retention period. If the recordings will not be maintained, you should have a policy setting out the timing and process for destruction (i.e., ensuring the report is accurate on the patient chart before destruction).
When you are not the custodian, you are encouraged to work with hospital or facility administration to find ways to retain any clinically relevant information that may be required.
Some health authorities and institutions may also have policies on the retention or destruction of recordings of patient encounters.
Additional reading
References
-
-