How to use ambient AI in healthcare as litigious winds begin to blow: 10 tips from experienced attorneys

As a class-action lawsuit gets rolling in California over the use of ambient AI in healthcare, a national law firm is drawing takeaways for hospitals and other provider organizations. Makes sense: All AI-equipped providers are potential targets for similar litigation now. 

The plaintiffs in the case, Washington et al v. Sutter Health, claim Sutter and Memorial Health Services used the technology to secretly record, transcribe and transmit sensitive medical conversations without patients’ informed consent. 

The ambient AI vendor Abridge, a Sutter supplier, is mentioned repeatedly in the suit but is not named not as a defendant.

The law firm offering the analysis, Cincinnati-headquartered FBT Gibbons, suggests the case can serve as a reminder of a risk inherent to AI in healthcare: Healthcare organizations face legal exposure not only from how an AI tool functions but also from how it gets implemented, disclosed, governed and monitored.

The suit was filed in April and is still in preliminary stages. Here are 10 lessons to learn from the case before it even reaches a court—and regardless of its ultimate outcome—from Mason Clutter, JD, and colleagues at FBT Gibbons. 

1. As adoption accelerates, so too does litigation risk.

This is particularly so where AI is used in ways that intersect with sensitive patient communications, health information or high-trust clinical settings, Clutter and co-authors Michael Ruggio, JD, and Neha Matta, JD, write. 

 

2. In healthcare, AI risk is rarely confined to one silo.

“A single use case may implicate privacy, consent, confidentiality, data governance, cybersecurity, vendor management, professional liability and consumer protection concerns all at once,” the authors point out.

3. Notice and consent remain central where AI tools capture or process patient communications.

Particular attention must be paid to this point in states with strict privacy or all-party consent laws, Clutter and colleagues state. 

 

4. Healthcare entities should closely evaluate how sensitive data flows through the AI tool. 

Providers do well to consider whether audio, transcripts or other outputs are transmitted outside the immediate clinical setting, retained for quality assurance or model improvement, or made accessible to vendor personnel, the attorneys advise.  

 

5. Organizations should be careful not to assume that using a third-party platform transfers legal responsibility. 

“Vendor due diligence and management is a critical component of any good governance framework,” Clutter et al. remark. 

 

6. Healthcare AI governance should be risk-based, cross-functional and operationalized in real workflows. 

This generally means “maintaining an inventory of AI use cases; classifying those tools based on patient impact and data sensitivity; assessing privacy, security, unintended bias and clinical risk before deployment; and aligning the use case with patient notices, authorizations, policies and training.”

 

7. Even when a particular use case is legally permissible, opaque deployment can undermine patient confidence and invite scrutiny from regulators and plaintiffs’ counsel. 

Governance that emphasizes clarity, accountability and patient-centered implementation—in a word, transparency—can help organizations build and maintain trust, the legal experts emphasize. 

 

8. The legal framework for AI in healthcare is still evolving.  

As it continues to do so, organizations “should expect increased attention to whether they exercised reasonable care in selecting, implementing and overseeing these technologies,” the authors write. 

 

9. Thoughtful governance will not eliminate all risk, and it may not prevent every claim. 

“But it can help reduce exposure, improve defensibility, support more transparent patient interactions and place organizations in a stronger position to realize AI’s benefits responsibly.” 

 

10. The key question is no longer whether AI has a role in healthcare. 

“It is how to use it in a way that supports innovation, respects patient expectations, and stands up to legal and regulatory scrutiny,” Clutter and team comment. 

The full piece is posted here.