Aaron Maguregui and Jennifer Hennessy Assess HIPAA Risks of AI Scribes

Foley & Lardner LLP partners Aaron Maguregui and Jennifer Hennessy are quoted in the Inside Telehealth article, “Privacy Experts: Beware of AI Scribe HIPAA Violations, Outdated Contracts,” sharing insights on the potential data and privacy risks the technology presents for digital health leaders.

Writing in a Foley Health Care Law Today blog featured in the article, the attorneys shared that the risk of a HIPAA violation corresponds to how an AI scribe is trained, deployed, integrated, and governed, noting that they are seeing vendor contracts with AI scribe providers not keeping pace with the rapid integration of AI in the health care ecosystem.

“We have seen vendor contracts that either (a) lack a compliant [business associate agreement], (b) contain overbroad indemnity disclaimers essentially eliminating liability for the vendor, or (c) fail to define permitted uses and disclosures or include uses and disclosures not permitted by HIPAA,” they explained.

Maguregui and Hennessy emphasized that digital health companies should scrutinize every vendor AI agreement and “ensure the or underlying services contract clearly defines: the data being accessed, stored, or otherwise processed, how the data may be used, including what data may be used for training, and whether data is de-identified or retained after service delivery.”

(Subscription required)