Posted on
Jul 2, 2026
Is AI Scribing Legal in New Hampshire? (2026 Compliance Guide for Healthcare Providers)
Quick Answer
Yes, AI scribing is legal in New Hampshire when implemented in compliance with state recording consent laws and federal HIPAA regulations. New Hampshire is a one-party consent state for recording communications, which means that only one party to a conversation needs to consent to its recording. For healthcare providers, this means a physician or clinician who is a party to the patient encounter can legally record or use AI transcription tools without obtaining separate recording consent from the patient — though best practices and HIPAA obligations strongly recommend transparency and patient notification.
Practice in New Hampshire? Scribing.io is fully compliant with New Hampshire recording laws. Try it free.
Recording Consent Laws in New Hampshire
New Hampshire's wiretapping and eavesdropping statute is codified under RSA 570-A:2 (New Hampshire Revised Statutes Annotated, Chapter 570-A). This law makes it a criminal offense to intercept or record any telecommunication or oral communication without the consent of at least one party to the communication.
Key provisions relevant to healthcare providers include:
RSA 570-A:1 — Defines key terms including "oral communication," "intercept," and "electronic communication."
RSA 570-A:2 — Establishes the core prohibition: it is illegal to willfully intercept or record any oral, wire, or electronic communication unless at least one party to the communication has given prior consent. This establishes New Hampshire as a one-party consent state.
RSA 570-A:2, II — Provides exceptions for law enforcement and certain other circumstances, though healthcare providers would rely on the general one-party consent framework rather than these specific exceptions.
Because AI scribing tools function by recording and transcribing a clinical encounter in which the healthcare provider is a direct participant, the provider's own consent to the recording satisfies the statutory requirement under RSA 570-A:2.
One-Party vs Two-Party Consent: What It Means for Your Practice
Understanding the distinction between one-party and two-party consent is critical for healthcare compliance:
Consent Type | Requirement | New Hampshire? |
|---|---|---|
One-Party Consent | Only one participant in the conversation needs to consent to the recording. | Yes — NH follows this standard under RSA 570-A:2 |
Two-Party (All-Party) Consent | All parties to the conversation must consent to the recording. | No — this is not required in NH |
What this means practically: As a healthcare provider who is a party to the clinical encounter, your own consent to activate an AI scribing tool satisfies New Hampshire's recording consent law. You are not legally required under RSA 570-A to obtain separate recording consent from the patient.
However, important caveats apply:
Telehealth encounters may involve patients located in other states. If a patient is in a two-party consent state (such as California or Massachusetts), the stricter consent standard of that state may apply. Providers should assess applicable law based on the patient's location during telehealth visits.
Ethical and professional obligations imposed by the New Hampshire Board of Medicine or other licensing bodies may set higher standards than the statutory minimum. Transparency with patients about recording practices is widely recommended by medical ethics guidelines.
HIPAA requirements (discussed below) impose additional obligations independent of state recording law.
HIPAA Requirements on Top of State Law
Even where New Hampshire state law permits one-party consent recording, healthcare providers must independently comply with the federal Health Insurance Portability and Accountability Act (HIPAA), specifically:
The HIPAA Privacy Rule (45 CFR Part 164, Subpart E)
AI-generated clinical notes constitute Protected Health Information (PHI). The creation, storage, transmission, and processing of these records must comply with the Privacy Rule's minimum necessary standard and permitted uses and disclosures.
If an AI scribing vendor processes PHI on behalf of a covered entity, it is acting as a Business Associate under HIPAA.
Business Associate Agreements (45 CFR § 164.502(e) and § 164.504(e))
Before deploying any AI scribing tool, healthcare providers must execute a Business Associate Agreement (BAA) with the AI vendor. This agreement must specify how PHI will be used, stored, secured, and disposed of.
The BAA must address breach notification responsibilities, data retention policies, and restrictions on the vendor's use of patient data for training AI models or other secondary purposes.
The HIPAA Security Rule (45 CFR Part 164, Subpart C)
All electronic PHI (ePHI) created by AI scribing must be protected with appropriate administrative, physical, and technical safeguards.
Providers should verify that the AI scribing tool uses encryption in transit and at rest, maintains access controls, and produces audit logs.
The HIPAA Breach Notification Rule (45 CFR §§ 164.400–414)
Any unauthorized access, use, or disclosure of PHI generated through AI scribing triggers breach notification obligations to affected patients, the U.S. Department of Health and Human Services (HHS), and potentially the media.
Key point: State recording consent law and HIPAA serve different purposes. Satisfying one does not satisfy the other. A provider could be fully compliant with RSA 570-A but in violation of HIPAA if they use an AI tool without a BAA or adequate security safeguards.
Patient Consent Best Practices for New Hampshire
While New Hampshire's one-party consent law does not legally require patient consent for recording, best practices in medical ethics, risk management, and patient trust strongly recommend the following:
Inform patients about AI scribing. Provide a clear, plain-language explanation — either verbally or in writing — that an AI tool is being used to assist with clinical documentation during the encounter. This can be integrated into your intake paperwork or posted in your office.
Obtain written acknowledgment when feasible. Although not required by RSA 570-A, having patients sign an acknowledgment that AI-assisted documentation is in use provides a layer of legal protection and demonstrates good faith. This is especially prudent for sensitive specialties (behavioral health, reproductive health, substance use treatment).
Allow patients to opt out. Offering patients the ability to decline AI recording — with an alternative documentation method such as traditional manual note-taking — reinforces patient autonomy and reduces complaint risk.
Document your disclosure process. Keep records of how and when patients were notified about AI scribing. This creates an audit trail demonstrating compliance with both ethical standards and HIPAA's transparency principles.
Update your Notice of Privacy Practices (NPP). Under HIPAA (45 CFR § 164.520), covered entities must provide patients with a notice describing how their PHI is used. If AI scribing tools process PHI, your NPP should reflect this. Update it to include a description of AI-assisted documentation.
Address telehealth scenarios specifically. For patients located out of state during telehealth encounters, implement a protocol to verify the patient's physical location and apply the recording consent law of that jurisdiction if it is more restrictive than New Hampshire's.
What Happens if You Don't Comply?
Non-compliance with recording consent and data privacy obligations can carry serious consequences across multiple domains:
State Criminal Penalties (RSA 570-A)
Violations of New Hampshire's wiretapping statute can result in criminal charges. Under RSA 570-A:2, illegal interception of communications is a Class B felony in New Hampshire. Additionally, RSA 570-A:11 provides a private right of action allowing individuals whose communications were illegally intercepted to sue for actual damages, punitive damages, and attorney's fees.
HIPAA Penalties
HIPAA violations are enforced by the HHS Office for Civil Rights (OCR) and can result in:
Civil monetary penalties ranging from $141 to $2,134,831 per violation category (adjusted annually for inflation), depending on the level of culpability.
Criminal penalties under 42 U.S.C. § 1320d-6 for knowing violations, including fines up to $250,000 and imprisonment up to 10 years for offenses involving intent to sell or use PHI for personal gain.
Professional Licensing Consequences
The New Hampshire Board of Medicine and other state licensing boards may investigate complaints related to unauthorized recording or privacy violations. Consequences can include disciplinary action, license suspension, or revocation.
Malpractice and Civil Liability
Inadequately documented encounters — or documentation errors introduced by AI tools without proper oversight — could expose providers to malpractice claims. Conversely, failure to disclose AI use could be alleged as a breach of fiduciary duty or informed consent obligations.
Reputational Harm
Patient trust is foundational to clinical practice. News of privacy violations or covert recording practices can cause lasting damage to a provider's reputation and patient base.
Implementation Checklist
Use this checklist before deploying AI scribing in your New Hampshire practice:
Verify one-party consent compliance: Confirm that the provider using the AI scribe is a direct participant in the recorded encounter, satisfying RSA 570-A:2.
Execute a Business Associate Agreement (BAA): Ensure your AI scribing vendor has signed a HIPAA-compliant BAA before any PHI is processed.
Verify vendor security safeguards: Confirm the vendor uses encryption (in transit and at rest), maintains access controls, and provides audit logging consistent with the HIPAA Security Rule.
Update your Notice of Privacy Practices: Add language disclosing the use of AI-assisted documentation tools in your NPP.
Create a patient notification protocol: Develop a standardized process for informing patients about AI scribing — whether through signage, intake forms, or verbal disclosure.
Offer an opt-out mechanism: Establish an alternative documentation workflow for patients who decline AI recording.
Develop a telehealth consent protocol: Implement location verification for telehealth patients and apply the more restrictive consent law when a patient is in a two-party consent state.
Train your staff: Ensure all clinical and administrative staff understand the AI scribing workflow, consent obligations, and how to handle patient questions or objections.
Review AI-generated notes: Establish a mandatory provider review process for all AI-generated clinical documentation before it becomes part of the medical record. This is both a quality assurance and a liability mitigation measure.
Establish a data retention and deletion policy: Confirm how long audio recordings and transcripts are stored by the vendor, and ensure deletion protocols align with your records retention requirements and patient preferences.
Consult legal counsel: Have a healthcare attorney licensed in New Hampshire review your AI scribing implementation, consent forms, and vendor agreements before deployment.
This guide is for informational purposes only and does not constitute legal advice. Healthcare providers should consult with a qualified attorney licensed in New Hampshire to address their specific circumstances. Laws and regulations are subject to change; this guide reflects information available as of 2026.
