Posted on
Feb 18, 2026
Is AI Scribing Legal in Michigan? (2026 Compliance Guide for Healthcare Providers)
Is AI Scribing Legal in Michigan? (2026 Compliance Guide for Healthcare Providers)
Quick Answer
Yes, AI scribing is legal in Michigan when implemented in compliance with state eavesdropping statutes and federal HIPAA regulations. Michigan is a one-party consent state for recording private conversations, which means that only one party to the conversation needs to consent to the recording. As the healthcare provider initiating the AI scribe, your own consent to the recording satisfies Michigan's statutory requirement. However, HIPAA and medical ethics standards impose additional obligations regarding patient notification, data security, and consent documentation that go beyond what state eavesdropping law alone requires.
Practice in Michigan? Scribing.io is fully compliant with Michigan recording laws. Try it free.
Recording Consent Laws in Michigan
Michigan's eavesdropping statute is codified under Michigan Compiled Laws (MCL) § 750.539c, which makes it a felony to willfully use any device to eavesdrop upon a private conversation without the consent of all parties in certain contexts. However, this statute must be read alongside MCL § 750.539g, which provides critical exceptions.
MCL § 750.539g states that the eavesdropping prohibitions do not apply to a person who is a party to the private conversation. This exception effectively makes Michigan a one-party consent state. If you, as the healthcare provider, are a participant in the conversation being recorded or transcribed by the AI scribe, you satisfy the consent requirement under Michigan law by virtue of your own participation and consent.
Key Statutes to Know
MCL § 750.539a — Definitions, including the definition of "eavesdrop" and "private conversation."
MCL § 750.539c — Prohibition against eavesdropping on private conversations using devices.
MCL § 750.539d — Prohibition against installing or using devices for observation of persons in private places.
MCL § 750.539e — Prohibition against divulging or using information obtained through illegal eavesdropping.
MCL § 750.539g — Exemptions, including the party-to-the-conversation exception.
It is important to note that while Michigan law permits one-party consent recording, the recording must involve a party who has actually consented. An AI scribe tool that records a conversation between a provider and patient is legally permissible when the provider — as a party to that conversation — consents to the recording. A third party who is not part of the conversation cannot legally record it without the consent of at least one participant.
One-Party vs Two-Party Consent: What It Means for Your Practice
Understanding the distinction between one-party and two-party consent states is essential for healthcare providers considering AI scribing technology.
One-Party Consent (Michigan's Standard)
In a one-party consent jurisdiction like Michigan, only one participant in a conversation needs to consent to its recording. Because you, the healthcare provider, are a direct participant in the clinical encounter and you are the one deploying the AI scribe, your consent alone is sufficient to meet the state law threshold for lawful recording.
What This Means Practically
You do not need the patient's explicit consent under Michigan eavesdropping law alone to use an AI scribe during a clinical encounter, because your own consent as a party to the conversation satisfies MCL § 750.539g.
However, relying solely on one-party consent without informing patients is strongly discouraged for ethical, HIPAA, and malpractice liability reasons (discussed in detail below).
If your practice involves telehealth with patients in other states, you must evaluate the recording laws of the patient's state. Several states, including California, Florida, Illinois, and Washington, are two-party (all-party) consent states, which would require the patient's explicit consent as well.
Interstate Telehealth Considerations
When providing telehealth services to a patient located in a two-party consent state, the stricter standard generally applies. Providers should implement workflows that obtain explicit patient consent for any AI scribe recording during interstate telehealth encounters to avoid potential violations of the other state's laws.
HIPAA Requirements on Top of State Law
Even though Michigan's one-party consent law permits the recording, the Health Insurance Portability and Accountability Act (HIPAA) imposes federal requirements that layer on top of state eavesdropping law. HIPAA compliance is mandatory for all covered entities and their business associates, regardless of state recording consent rules.
Business Associate Agreement (BAA)
Under 45 CFR § 164.502(e) and 45 CFR § 164.504(e), any AI scribing vendor that creates, receives, maintains, or transmits protected health information (PHI) on behalf of a covered entity is a business associate. You must have a signed Business Associate Agreement (BAA) in place with your AI scribe vendor before any patient data is processed. The BAA must specify:
Permitted uses and disclosures of PHI
Safeguards the vendor will implement to protect PHI
Breach notification obligations
Requirements for returning or destroying PHI upon contract termination
Minimum Necessary Standard
Under 45 CFR § 164.502(b), covered entities must make reasonable efforts to limit PHI to the minimum necessary to accomplish the intended purpose. AI scribing tools should be configured to capture only the clinical information needed for documentation purposes and should not retain audio recordings longer than necessary.
Security Rule Compliance
The HIPAA Security Rule (45 CFR Part 164, Subpart C) requires administrative, physical, and technical safeguards to protect electronic PHI (ePHI). When evaluating an AI scribe vendor, ensure the platform provides:
Encryption of data in transit and at rest (consistent with NIST standards)
Access controls limiting who can view or retrieve recordings and transcriptions
Audit logging to track access to PHI
Automatic data deletion policies for audio recordings after transcription is complete
Patient Rights Under HIPAA
Under 45 CFR § 164.524, patients have the right to access their designated record set. If AI-generated clinical notes become part of the medical record, patients are entitled to request and obtain copies. Providers should establish clear policies on what constitutes the official medical record versus interim working data (e.g., raw audio recordings).
Notice of Privacy Practices
Under 45 CFR § 164.520, covered entities must provide patients with a Notice of Privacy Practices (NPP) describing how their PHI may be used and disclosed. If your practice uses AI scribing, your NPP should be updated to reflect that technology-assisted documentation tools may process patient encounter data.
Patient Consent Best Practices for Michigan
While Michigan's one-party consent law does not legally require you to obtain the patient's permission to record, best practices in medical ethics, risk management, and patient trust strongly favor obtaining informed consent. The following recommendations reflect guidance from medical professional organizations and healthcare compliance standards.
1. Inform Patients Before the Encounter
Notify patients — either verbally, through intake forms, or through signage — that an AI-assisted documentation tool will be used during their visit. Suggested language:
"Our practice uses an AI-assisted scribe to help document your visit accurately. The technology listens to our conversation and generates clinical notes for your medical record. The recording is processed securely and is not shared outside of your care team. You may opt out at any time."
2. Provide an Opt-Out Option
Allow patients to decline AI scribing without penalty or reduction in care quality. Document opt-out requests in the patient's chart. Ensure staff are trained to revert to manual documentation when a patient opts out.
3. Document Consent
Maintain a record that the patient was informed and either consented or opted out. This can be accomplished through:
A checkbox on intake forms
Electronic consent capture within the EHR
A verbal acknowledgment documented in the encounter note
4. Update Your Notice of Privacy Practices
As noted above, ensure your NPP reflects the use of AI scribing technology. This satisfies HIPAA's transparency requirements and reinforces patient trust.
5. Address Sensitive Encounters Separately
For encounters involving particularly sensitive topics — such as mental health, substance use disorders, HIV status, or reproductive health — consider implementing heightened consent protocols. Federal regulations such as 42 CFR Part 2 (governing substance use disorder records) may impose additional restrictions on recording and disclosure.
What Happens if You Don't Comply?
Non-compliance with Michigan eavesdropping laws, HIPAA, or both can result in significant legal, financial, and professional consequences.
Michigan State Law Penalties
Violation of MCL § 750.539c (eavesdropping) is a felony under Michigan law, punishable by:
Up to 2 years imprisonment
A fine of up to $2,000, or both
Additionally, under MCL § 750.539h, a person whose private conversation is illegally recorded may bring a civil action for damages, including actual damages, punitive damages, and reasonable attorney fees. The statute provides for statutory damages as well.
HIPAA Penalties
HIPAA violations are enforced by the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) and carry tiered penalties under 42 USC § 1320d-5 and 42 USC § 1320d-6:
Tier | Violation Level | Penalty Per Violation | Annual Maximum |
|---|---|---|---|
Tier 1 | Did not know (and reasonably should not have known) | $137 – $68,928 | $2,067,813 |
Tier 2 | Reasonable cause, not willful neglect | $1,379 – $68,928 | $2,067,813 |
Tier 3 | Willful neglect, corrected within 30 days | $13,785 – $68,928 | $2,067,813 |
Tier 4 | Willful neglect, not corrected | $68,928+ | $2,067,813 |
Note: Penalty amounts are adjusted annually for inflation. The figures above reflect approximate ranges as of 2025–2026. Always verify current amounts on the HHS OCR website.
Criminal violations under 42 USC § 1320d-6 can result in fines up to $250,000 and imprisonment up to 10 years for offenses committed with intent to sell or use PHI for personal gain.
Professional Licensing and Malpractice Risks
The Michigan Board of Medicine and other relevant licensing boards may investigate complaints related to unauthorized recording or privacy breaches, potentially resulting in disciplinary action including license suspension or revocation.
Patients who feel their privacy was violated may pursue malpractice claims or complaints to state regulators.
Reputational damage from privacy incidents can result in significant patient attrition and loss of community trust.
Implementation Checklist
Use this checklist to ensure your practice is fully compliant when deploying an AI scribe in Michigan:
☐ Verify vendor HIPAA compliance — Confirm that your AI scribe vendor can provide evidence of HIPAA-compliant security practices, including encryption, access controls, and audit logging.
☐ Execute a Business Associate Agreement (BAA) — Obtain a signed BAA from your AI scribe vendor before processing any patient encounters.
☐ Confirm one-party consent sufficiency — Verify that your practice model (in-person, telehealth, or hybrid) satisfies Michigan's one-party consent standard under MCL § 750.539g. For interstate telehealth, assess the patient's state laws as well.
☐ Develop patient notification procedures — Create intake forms, signage, or verbal scripts that inform patients about AI scribe use before the encounter begins.
☐ Implement opt-out workflows — Establish clear procedures for patients who decline AI scribing, including documentation of their preference and seamless transition to manual note-taking.
☐ Update your Notice of Privacy Practices (NPP) — Add language to your NPP disclosing the use of AI-assisted documentation technology.
☐ Train all clinical and administrative staff — Ensure that physicians, nurses, medical assistants, and front desk staff understand consent procedures, opt-out protocols, and privacy obligations.
☐ Establish data retention and deletion policies — Define how long audio recordings are retained, when they are deleted, and what constitutes the official medical record versus interim data.
☐ Address sensitive encounter protocols — Create heightened consent procedures for mental health, substance use, HIV, reproductive health, and other sensitive encounter types, accounting for 42 CFR Part 2 and other applicable regulations.
☐ Conduct periodic compliance audits — Schedule regular reviews of your AI scribe workflows, vendor compliance, consent documentation, and data security practices.
☐ Maintain an incident response plan — Have a documented plan for responding to potential breaches or unauthorized disclosures involving AI scribe data, consistent with HIPAA breach notification requirements under 45 CFR §§ 164.400–164.414.
Practice in Michigan? Scribing.io is fully compliant with Michigan recording laws and HIPAA requirements. Try it free.
