When a patient walks into an exam room, they expect to speak with a doctor and not a microphone.
That unmet expectation is at the center of a new California class-action lawsuit involving Sutter Health and MemorialCare. Specifically, it’s alleged that AI transcription technology was used to capture and process physician-patient conversations without proper consent… yikes!
This poses a warning for healthcare providers that AI medical transcription may ease the processing of clinical notes. Still, it poses a risk to confidentiality and privacy, especially if the patient does not authorize it.
The Real Issue Is Not AI, It’s Patient Consent
Physician-patient privilege states that information shared between the patient and the doctor is not disclosed to third parties. It’s also where it gets tricky, as the lawsuit claims that the healthcare provider used Abridge AI, without the institution disclosing that private medical conversations are recorded and processed through a third-party system.
While the case is still ongoing, it raises a serious question for healthcare organizations: who really has access to patient conversations once the microphone is turned on?
At $7.42 Million per Breach, Healthcare Privacy Mistakes Are Expensive
IBM’s 2025 Cost of a Data Breach Report found that healthcare is consistently the costliest industry for data breaches, with an average cost of $7.42 million.
Unlike business passwords that can be easily changed or a compromised credit card that can be replaced, a medical record and an exposed private conversation cannot be undone once they are mishandled.
This is why medical transcription services should not be evaluated based only on speed, price, or convenience.
Sure, AI transcription tools are significantly faster, which is important for clinical notes. However, the majority of them are neither secure nor, more importantly, accurate. It’s not the best idea to use, especially if the patient isn’t aware that the tool will be used.
The Problem Starts Before the Transcript Is Finished
Speaking of accuracy, in most transcription issues, people focus on the final output. These questions are often asked:
- Was the transcript accurate?
- Were the terms correct?
- Did the notes capture the right information?
Don’t get us wrong, those questions really matter. But with AI medical transcription, the risk does not lie in the final output, though it can exist before the transcript is even drafted.
Think about consent. If the conversation is being recorded without proper authorization, it becomes a bigger problem much earlier than accuracy. Your data may not be important to some, but in the wrong hands, it can be used as leverage, sold, or otherwise misused.
This is the main lesson from the Sutter Health and MemorialCare lawsuit. It is not merely about a bad transcription, though it involves the possible recording and processing of private medical conversations without proper consent.
Note that a medical transcript can become part of a patient’s health record. It can affect treatment and an insurance claim, and it can be reviewed later by another provider. That means the process used to create it matters equally as the final transcript.
Third-party Breach Involvement Doubled to 30%
In another data, Verizon’s 2025 Data Breach Investigations Report found that third-party involvement in breaches doubled from 15% to 30%.
There is no doubt about the emergence of AI’s abilities. However, its ability to provide secure, accurate transcripts is far from what legitimate transcription companies offer. Most AI companies rely on external servers, complex software integrations, and even subcontractors, all of which pose a risk of unauthorized access.
Still, that is not automatically a problem, especially if the patient agrees to the terms and conditions. This highlights that information and methods for handling patients’ data should be disclosed, controlled, and appropriate.
Also, even if the healthcare organization has strong internal privacy rules, those rules are immediately undermined if it sends patients’ data to a system the organization does not fully understand. What we mean is that if the healthcare organization does not understand how a transcription provider handles data and what happens after processing, then it is not merely buying transcription support. Instead, it only creates an unwanted layer of risk.
That is why medical, insurance, and legal transcription services need clear workflows, not vague promises.
AI Transcription Still Needs Human Oversight
AI has an undeniable use in healthcare documentation. It can help reduce administrative work and give faster clinical notes.
However, AI should not be treated as a complete replacement for oversight.
Medical conversations are often messy; healthcare providers know this well. Patients pause, correct themselves, speak over another person, use informal descriptions, or mention symptoms out of order. And in most cases, each doctor has their own style and may use abbreviations, technical terms, or context that is not obvious from the audio alone.
That is why trained human review still matters.
A trained transcriptionist or reviewer can identify audio challenges that automated systems may not handle well. In healthcare documentation, the goal is not merely to produce words quickly. The goal is to produce an accurate, secure, and usable record.
5 Questions to Ask Before Using AI Medical Transcription
Security is commonly claimed, not guaranteed. Before allowing patient conversations to be recorded or processed, healthcare organizations should ask questions that go beyond “How fast is it?” and “How much does it cost?”
| Question | Why it Matters |
| Will patients be informed before the recording occurs? | Any personal data requires consent before it is captured, ensuring that an individual has control over their personal information |
| Is the audio transmitted to external servers? | Transmission and storage of data, especially in outside servers, create privacy, security, and access risks |
| Is AI used to summarize clinical notes? | AI platforms create access risk, and their output has significantly lower risk than human output. |
| What happens after the transcript is complete? | Data retention, audit logs, and the platform’s response to breaches should be clearly laid out. |
A serious transcription provider should be able to answer these questions clearly.
And no, asking these questions is not being “too much.” There is no such thing when patient information is involved.
Medical Transcription Services Need More Than a Standard Vendor Checklist
Healthcare recordings are different from ordinary business recordings. They often contain protected health information, private patient concerns, treatment decisions, and details that can affect future care.
That makes medical transcription different from general transcription.
A healthcare provider needs to know whether a transcription partner can handle sensitive files securely, accurately, and responsibly. The California lawsuit shows why this matters. When patients are unsure whether they were recorded or whether their conversations were sent to a third-party system, uncertainty becomes its own trust problem.
That is especially important for clinics, hospitals, insurers, legal teams, and agencies that handle medical records or healthcare-related documentation.
The transcript may look like a simple document. The information behind it is not simple at all.
Why Clients Choose Ditto for Secure Medical Transcript Support
Sensitive transcription is about more than turning audio into text. It is about protecting the people, organizations, and records behind that audio.
At Ditto Transcripts, we help clients turn audio and video recordings into accurate, readable, and professional transcripts for medical, legal, law enforcement, government, business, insurance, academic, media, and personal use.
Here is what Ditto offers:
- Human transcriptionists: Ditto only employs trained professionals who can handle complex audio.
- Support for accessibility needs: We offer flexible, comprehensive transcript options, including speaker labels, readable formatting, and important visual descriptions when needed.
- Industry-specific experience: Ditto supports various fields, including medical, legal, insurance, and government transcription services, as well as other niche transcription projects.
- Secure handling: Sensitive recordings are handled through workflows designed to protect confidentiality and client information, as Ditto Transcripts is HIPAA-, CJIS-, and FINRA-compliant transcription support.
- Flexible legal transcription pricing: Clients can choose from our turnaround and pricing options based on their needs.
- No long-term contract required: Clients can use Ditto for one project or ongoing transcription needs, no strings attached.
- Client testimonials: Need we say more?
The goal is simple: provide accurate transcripts while treating sensitive recordings with the care they deserve.
Medical Transcription Should Not Be Treated Like a Commodity Purchase
The lesson from the Sutter Health and MemorialCare lawsuit is not limited to California.
Any hospital, clinic, private practice, insurer, law firm, government agency, or business that outsources sensitive transcription should know exactly where its recordings go and who can access them.
A transcript can become part of a medical record. It can support an insurance claim. It can appear in a legal matter. It can contain someone’s most private story. That means transcription should never be treated as a commodity purchase alone.
Ditto Transcripts is a Denver, Colorado-based transcription services company that provides fast, accurate, and affordable transcripts for individuals and companies of all sizes and is FINRA-, HIPAA-, and CJIS-compliant. Call (720) 287-3710 today for a free quote.