AI Scribes in Doctors’ Offices: What You Need to Know About Your Privacy

You sit down for a check-up, and your doctor starts typing notes into a computer. Increasingly, that typing is being replaced by an AI app listening to the conversation and generating a summary in real time. The technology, often called an AI medical scribe, promises to free doctors from paperwork and let them focus on you. But recent warnings from government authorities—most notably in Australia—are raising uncomfortable questions about where that audio and text data ends up, who can access it, and whether patients are being told at all.

Here’s what is happening, why it matters for your privacy, and what steps you can take.

What happened

In mid‑2026, the Australian government issued a formal alert about doctors using AI transcription tools in clinical settings. The warning, covered widely by outlets including The Guardian, did not ban the tools but cautioned that many products on the market may not meet existing privacy and security requirements under Australian law. The Office of the Australian Information Commissioner (OAIC) has indicated it is looking into complaints and may take enforcement action.

The warning follows a broader trend. In the UK, the NHS has announced plans to add an “AI triage” feature to its app, which similarly involves processing patient data through third‑party AI systems. In the United States, the use of AI scribes is widespread, but enforcement of health‑data privacy laws like HIPAA varies, and in practice many tools are cloud‑based, meaning data travels to servers that may be outside the control of the doctor’s practice.

How these tools work—and where the data goes

AI scribes typically work by recording or transcribing the conversation between you and your doctor using natural language processing. Some operate entirely on the device, but most rely on cloud servers to process the audio and generate notes. This means a recording of your conversation—or at least a detailed text transcript—is transmitted to a third‑party company, stored on its infrastructure, and potentially used to improve its models.

Few patients are explicitly told this is happening. Consent forms are often broad, and the AI scribe’s presence may be mentioned only in passing. In some cases, doctors themselves may not fully understand the data flows or the contracts they have signed.

Why it matters

Medical information is among the most sensitive personal data a person has—diagnoses, medications, family histories, mental health notes, even off‑hand remarks. Once that data leaves a doctor’s office, you lose a degree of control over it. It could be:

  • Accessed by the AI company’s employees or contractors.
  • Subject to data breaches (no cloud service is immune).
  • Used for training future AI models, even if that wasn’t disclosed.
  • Available to law enforcement or other government agencies under local laws, depending on where the data is stored.

Australia’s Privacy Act is currently under review, and existing protections may not have kept pace with AI scribes. In the European Union, the GDPR requires explicit consent for processing health data, but enforcement is uneven. In the US, HIPAA only applies if the AI company is acting as a “business associate” of a covered healthcare provider—and not all vendors sign such agreements.

What you can do as a patient

You don’t need to become a privacy lawyer, but asking a few questions can help you decide how comfortable you are.

Ask your doctor before the appointment begins:

  • “Are you using an AI scribe to record or transcribe our conversation?”
  • “Where does that data go—is it stored on your server or a cloud service?”
  • “Can you turn it off for this appointment?”

Read any consent forms carefully. If the form mentions data sharing with third parties for “improvement” or “development,” consider opting out or choosing a different provider. Under many national laws, you have the right to refuse non‑essential data processing.

Request an alternative. Many doctors will still be willing to take notes manually or use a human scribe if you ask. If they aren’t, you can weigh the trade‑off or seek care elsewhere.

Ask about data deletion. Even if you consent to the use of an AI scribe, you can ask how long the recording or transcript is kept and whether it can be deleted after the note is finalized.

What doctors and clinics should consider

If you run a medical practice, the responsibility doesn’t fall only on the patient. Vetting an AI scribe product means reading its privacy policy, understanding where data is stored, and ensuring the vendor signs a business associate agreement (or equivalent under local law) that clearly limits use of the data to the intended purpose. Regular audits and staff training on what to tell patients are also important. The Australian warning is a reminder that regulators are paying closer attention, and non‑compliance can bring penalties.

The bigger picture

AI scribes are not necessarily bad—many clinicians report they reduce burnout and improve note‑taking accuracy. But the rapid adoption has outpaced regulation and, in many cases, patient awareness. The Australian government’s warning is one of the first high‑profile signals that regulators intend to close that gap. Similar scrutiny is likely in other countries.

For now, the safest course is transparency. When patients know what’s happening with their data, they can make informed choices. When they don’t, trust erodes—and that is a cost no AI tool can afford.

Sources

  • The Guardian, “Doctors’ soaring use of AI scribes prompts Australian government warning over privacy” (July 2026)
  • Office of the Australian Information Commissioner, advisory on AI‑based clinical documentation tools (2026)
  • NHS Digital, “New ‘AI triage’ feature will be added to NHS app” (2026)
  • HIPAA Journal, “AI scribes and health data privacy: what providers need to know” (2025)