Is AI Scribing Legal in Maryland? (2026 Compliance Guide for Healthcare Providers)

Quick Answer

Yes, AI scribing is legal in Maryland — but Maryland is an all-party (two-party) consent state for recording oral communications, which means you must obtain consent from every party to the conversation before recording. For healthcare providers, this means you need explicit patient consent before using any AI scribe that records or processes the audio of a clinical encounter. When proper consent is obtained and HIPAA safeguards are in place, AI scribing can be lawfully implemented in Maryland medical practices.

Practice in Maryland? Scribing.io is fully compliant with Maryland recording laws. Try it free.

Recording Consent Laws in Maryland

Maryland's wiretapping and electronic surveillance law is codified under Maryland Code, Courts and Judicial Proceedings, § 10-402. This statute makes it unlawful to willfully intercept, endeavor to intercept, or procure any other person to intercept or endeavor to intercept any wire, oral, or electronic communication without the consent of all parties to the communication.

Specifically, § 10-402(a) establishes the general prohibition, while § 10-402(c)(3) provides an exception permitting recording when all parties to the communication have given prior consent. This is the critical provision for healthcare providers: the person recording and every other participant in the conversation must consent.

Key statutory provisions to understand:

• Md. Code, Cts. & Jud. Proc. § 10-401 — Definitions, including what constitutes "oral communication," "intercept," and "electronic communication."

• Md. Code, Cts. & Jud. Proc. § 10-402 — The core prohibition on interception of communications without all-party consent.

• Md. Code, Cts. & Jud. Proc. § 10-405 — Civil liability provisions, allowing aggrieved parties to sue for damages resulting from unlawful interception.

• Md. Code, Cts. & Jud. Proc. § 10-410 — Criminal penalties for violations, including felony charges carrying up to five years of imprisonment.

It is important to note that Maryland law applies to oral communications — which includes in-person conversations during clinical encounters — as well as telephone and electronic communications. An AI scribe that captures audio of a patient visit is capturing an oral communication and is therefore subject to § 10-402.

One-Party vs Two-Party Consent: What It Means for Your Practice

In one-party consent states, only one participant in a conversation needs to consent to its recording. In those jurisdictions, a physician who is a party to the conversation could lawfully record it without informing the patient.

Maryland is NOT a one-party consent state. Maryland requires the consent of all parties to the communication. This distinction has significant practical implications for healthcare providers:

• Every patient must be informed that the clinical encounter will be recorded or processed by an AI scribe, and must affirmatively consent before the recording begins.

• Every other participant — including nurses, interpreters, family members, or other providers present during the encounter — must also consent.

• Implied consent is legally risky. While Maryland courts have not explicitly defined a single standard for what constitutes valid consent under § 10-402, best practice strongly favors written, documented consent to eliminate ambiguity.

• Telehealth encounters are also covered. If you are conducting a telehealth visit with a patient located in Maryland, Maryland's all-party consent law applies. If the patient is in another state, you may also need to comply with that state's recording laws.

For AI scribing specifically, the act of capturing audio — even temporarily for real-time transcription — constitutes interception under the statute. Whether the audio is stored permanently or processed ephemerally and discarded does not eliminate the need for all-party consent to the initial capture.

HIPAA Requirements on Top of State Law

Compliance with Maryland's recording consent law is necessary but not sufficient. Healthcare providers must also satisfy federal requirements under the Health Insurance Portability and Accountability Act (HIPAA), specifically the Privacy Rule (45 CFR Part 164, Subpart E) and the Security Rule (45 CFR Part 164, Subpart C).

Key HIPAA considerations when using AI scribing tools:

• Business Associate Agreement (BAA): Any AI scribe vendor that receives, processes, transmits, or stores protected health information (PHI) is a business associate under HIPAA. You must execute a BAA with the vendor before use, as required by 45 CFR § 164.502(e) and 45 CFR § 164.504(e).

• Minimum Necessary Standard: Under 45 CFR § 164.502(b), you should ensure the AI scribe only accesses and processes the minimum amount of PHI necessary for its intended purpose (generating clinical documentation).

• Data Encryption and Security: The Security Rule (45 CFR §§ 164.312) requires technical safeguards including encryption of PHI in transit and at rest, access controls, and audit logging. Verify that your AI scribe vendor implements these safeguards.

• Patient Rights: Patients retain the right to access their records under 45 CFR § 164.524. AI-generated notes that become part of the medical record are subject to patient access requests.

• Notice of Privacy Practices: Under 45 CFR § 164.520, your Notice of Privacy Practices should reflect the use of AI tools for documentation, so patients understand how their information is being handled.

Note that patient consent under Maryland's wiretapping statute is separate from HIPAA authorization. HIPAA's treatment, payment, and healthcare operations (TPO) exception (45 CFR § 164.506) may allow use of PHI for documentation without a separate HIPAA authorization, but it does not override the state-law requirement to obtain consent for the recording itself.

Patient Consent Best Practices for Maryland

Given Maryland's all-party consent requirement, healthcare providers should adopt the following best practices to ensure legal compliance when deploying AI scribing:

1. Use Written Consent Forms: Develop a clear, plain-language consent form that explains: (a) the clinical encounter will be recorded via audio capture, (b) the recording will be processed by an AI-powered transcription tool, (c) the purpose is clinical documentation, (d) how the audio and transcript data will be stored and protected, and (e) the patient's right to decline.

2. Obtain Consent Before Recording Begins: The AI scribe must not be activated until consent has been obtained and documented. Never begin recording and seek consent retroactively.

3. Document Consent in the Medical Record: Note in the patient's chart that consent for AI-assisted documentation was obtained, including the date, method, and identity of the consenting parties.

4. Provide an Opt-Out Option: Patients must be able to decline AI scribing without it affecting the quality of their care. Have a fallback workflow (manual note-taking, traditional scribe) for patients who decline.

5. Re-Consent Periodically: Consider re-obtaining consent at regular intervals (e.g., annually) or when there are material changes to how the AI tool processes data.

6. Address All Parties: Remember that Maryland law requires all parties to consent. If a family member, interpreter, or other clinician is present, they must also consent to the recording.

7. Telehealth Considerations: For telehealth encounters, obtain verbal consent at the start of the session, document it, and confirm compliance with the recording laws of all applicable jurisdictions (the patient's location and the provider's location).

What Happens if You Don't Comply?

Non-compliance with Maryland's recording consent laws and HIPAA can result in severe consequences:

Criminal Penalties Under Maryland Law

Violation of Md. Code, Cts. & Jud. Proc. § 10-402 is a felony under § 10-410. Penalties can include imprisonment for up to 5 years and/or fines up to $10,000.

Civil Liability Under Maryland Law

Under § 10-410, any person whose communication is unlawfully intercepted may bring a civil action and recover:

• Actual damages (but not less than liquidated damages of $100 per day of violation or $1,000, whichever is higher)

• Punitive damages

• Reasonable attorney's fees and litigation costs

HIPAA Penalties

HIPAA violations enforced by the U.S. Department of Health and Human Services Office for Civil Rights (OCR) carry tiered civil monetary penalties under 42 USC § 1320d-5:

• Tier 1 (lack of knowledge): $137 to $68,928 per violation

• Tier 2 (reasonable cause): $1,379 to $68,928 per violation

• Tier 3 (willful neglect, corrected): $13,785 to $68,928 per violation

• Tier 4 (willful neglect, not corrected): $68,928 per violation, with an annual cap of $2,067,813 per identical provision

Note: HIPAA penalty amounts are adjusted annually for inflation. The figures above reflect recent adjustment ranges and may change.

Professional and Reputational Consequences

• Complaints to the Maryland Board of Physicians or other applicable licensing boards

• Medical malpractice liability if documentation errors arising from non-compliant AI tools lead to patient harm

• Loss of patient trust and reputational damage

Implementation Checklist

Use this checklist before deploying AI scribing technology in your Maryland practice:

This guide is provided for informational purposes only and does not constitute legal advice. Maryland healthcare providers should consult with a qualified healthcare attorney to ensure compliance with all applicable state and federal laws. Laws and regulations are subject to change; verify all citations against current statutes as of 2026.