Posted on Mar 8, 2026
Is AI Scribing Legal in Kansas? (2026 Compliance Guide for Healthcare Providers)

Quick Answer
Yes, AI scribing is legal in Kansas when implemented in compliance with state recording laws, federal HIPAA regulations, and patient consent best practices. Kansas is a one-party consent state for recording communications, which means that only one party to a conversation needs to consent to it being recorded. However, healthcare providers must still satisfy HIPAA's privacy and security requirements and should implement transparent consent processes as a matter of best practice and risk management.
Recording Consent Laws in Kansas
Kansas law governing the interception and recording of communications is found in K.S.A. § 21-6101 (formerly K.S.A. § 21-4001 prior to the 2011 recodification of Kansas criminal law). This statute makes it unlawful to intercept or record oral, wire, or electronic communications unless at least one party to the communication has given consent.
Under this framework, Kansas is classified as a one-party consent state. This means:
A physician, nurse, or other healthcare provider who is a party to the conversation may lawfully record or allow AI-assisted recording of a clinical encounter without needing the patient's explicit consent under state wiretapping law.
Third parties who are not parties to the conversation may not record without the consent of at least one participant.
It is important to note that while Kansas law permits one-party consent recording, this does not eliminate the need for patient consent under federal healthcare privacy regulations (HIPAA), nor does it override professional ethical obligations. The one-party consent framework addresses only the legality of the recording itself under Kansas criminal law.
One-Party vs Two-Party Consent: What It Means for Your Practice
In a one-party consent state like Kansas, one participant in a conversation can consent to its recording. For a medical practice using AI scribing technology, this typically means the clinician (as a party to the patient encounter) provides that consent.
By contrast, in two-party (or all-party) consent states, every participant in the conversation must agree to the recording. Kansas does not follow this stricter standard.
Practical Implications for Kansas Medical Practices
The recording itself is lawful if the clinician — who is a party to the encounter — consents to the AI scribe capturing the conversation.
Patient notification is still strongly recommended for ethical, HIPAA, and risk management reasons, even though Kansas criminal law does not require it.
Telehealth considerations: If a patient is located in a two-party consent state during a telehealth visit, the stricter consent standard of that state may apply. Practices should implement universal consent protocols for telehealth encounters to mitigate this risk.
HIPAA Requirements on Top of State Law
Regardless of Kansas recording law, any AI scribing tool used in a healthcare setting must comply with the Health Insurance Portability and Accountability Act (HIPAA), specifically:
The Privacy Rule (45 C.F.R. Part 164, Subpart E)
Audio recordings of patient encounters constitute protected health information (PHI).
PHI may only be used or disclosed for treatment, payment, and healthcare operations, or with patient authorization for other purposes.
Patients have the right to be informed about how their health information is collected, used, and stored, as outlined in the practice's Notice of Privacy Practices (NPP).
The Security Rule (45 C.F.R. Part 164, Subpart C)
Audio recordings and AI-generated transcripts must be protected with administrative, physical, and technical safeguards.
This includes encryption of data in transit and at rest, access controls, audit logs, and secure storage.
Business Associate Agreements (BAAs)
Any AI scribing vendor that creates, receives, maintains, or transmits PHI on behalf of a covered entity is a business associate under HIPAA.
A signed Business Associate Agreement (BAA) under 45 C.F.R. § 164.502(e) and § 164.504(e) must be in place before the vendor processes any patient data.
The BAA must specify the vendor's obligations regarding PHI security, breach notification, and permissible uses and disclosures.
The Breach Notification Rule (45 C.F.R. Part 164, Subpart D)
If audio recordings or transcripts containing PHI are accessed, used, or disclosed in an unauthorized manner, the practice must follow HIPAA breach notification procedures, including notification to affected patients, HHS, and in some cases, the media.
Patient Consent Best Practices for Kansas
Although Kansas's one-party consent law does not require patient permission to record, healthcare providers should implement robust consent practices for the following reasons:
HIPAA transparency obligations: Your Notice of Privacy Practices should describe how AI scribing technology is used and how PHI derived from recordings is handled.
Patient trust and satisfaction: Informing patients about AI-assisted documentation fosters transparency and preserves the therapeutic relationship.
Malpractice risk mitigation: Documented consent reduces exposure in the event of a malpractice claim or patient complaint to the Kansas Board of Healing Arts or other licensing bodies.
Ethical obligations: The American Medical Association (AMA) emphasizes informed consent and transparency when using AI in clinical settings.
Recommended Consent Workflow
Update your Notice of Privacy Practices to include a description of AI-assisted documentation and audio recording during clinical encounters.
Provide verbal notification at the start of each encounter: "We use an AI-assisted tool to help document this visit. The conversation will be recorded and processed to create your clinical notes. You may opt out at any time."
Offer a written consent form or acknowledgment for patients to sign, particularly for new patients or when first implementing AI scribing.
Document patient opt-outs clearly in the medical record, and have a workflow in place for manual documentation when a patient declines.
Post visible signage in examination rooms informing patients that AI-assisted recording may be in use.
What Happens if You Don't Comply?
Kansas State Law Violations
Violations of K.S.A. § 21-6101 can result in criminal penalties. Unlawful interception of communications is a severity level 8, nonperson felony under Kansas law. However, because Kansas is a one-party consent state, a clinician who is party to the conversation and consents to the recording is unlikely to violate this statute.
HIPAA Violations
HIPAA penalties are tiered based on the level of negligence, as enforced by the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR):
| Tier | Culpability Level | Penalty Per Violation | Annual Maximum |
|---|---|---|---|
| Tier 1 | Lack of knowledge | $137–$68,928 | $2,067,813 |
| Tier 2 | Reasonable cause | $1,379–$68,928 | $2,067,813 |
| Tier 3 | Willful neglect (corrected) | $13,785–$68,928 | $2,067,813 |
| Tier 4 | Willful neglect (not corrected) | $68,928+ | $2,067,813 |
Note: Penalty amounts are adjusted annually for inflation. Figures above reflect approximate 2026 amounts.
Professional Licensing Consequences
The Kansas Board of Healing Arts (governed by K.S.A. Chapter 65, Article 28) may investigate complaints related to improper use of patient information. Violations could result in disciplinary action, including license suspension or revocation.
Civil Liability
Patients may bring civil suits for invasion of privacy, breach of fiduciary duty, or negligence related to the mishandling of recorded health information, even in the absence of a criminal violation.
Implementation Checklist
Use this checklist to ensure your Kansas medical practice implements AI scribing in a compliant manner:
☐ Verify one-party consent compliance: Confirm that at least one party to the conversation (typically the clinician) consents to the recording.
☐ Execute a Business Associate Agreement (BAA) with your AI scribing vendor before any patient data is processed.
☐ Update your Notice of Privacy Practices (NPP) to disclose the use of AI-assisted documentation and audio recording.
☐ Implement a verbal disclosure script for clinicians to use at the start of each recorded encounter.
☐ Create a written consent/acknowledgment form for patients, particularly for initial implementation.
☐ Post signage in exam rooms indicating that AI-assisted recording may be in use.
☐ Establish an opt-out workflow so patients who decline recording receive the same quality of care with manual documentation.
☐ Verify encryption and security measures: Ensure recordings and transcripts are encrypted in transit and at rest per HIPAA Security Rule requirements.
☐ Configure access controls: Limit access to AI-generated notes and audio to authorized personnel only.
☐ Define data retention and deletion policies: Establish how long audio recordings are retained and ensure timely, secure deletion per your policies.
☐ Train staff on AI scribing workflows, consent processes, and HIPAA obligations related to recorded PHI.
☐ Document everything: Maintain records of BAAs, consent forms, staff training, and privacy policy updates.
☐ Address telehealth scenarios: Implement all-party consent protocols for telehealth visits where patients may be in two-party consent states.
☐ Conduct periodic compliance audits to ensure ongoing adherence to Kansas law, HIPAA, and your internal policies.
This guide is for informational purposes only and does not constitute legal advice. Healthcare providers should consult with a qualified healthcare attorney licensed in Kansas to address their specific circumstances.

