By 2025, 40% of US physicians were using AI documentation tools, according to the AMA’s AI survey. Most adopted these tools to reclaim the 3+ hours a day that the average physician spends on documentation and EHR work. The pitch was straightforward: let AI handle the note so the clinician stays focused on the patient.
Then, on May 12, 2026, Ontario’s Auditor General published her findings, and the pitch got complicated. This article explains what the Ontario audit actually found, why those findings matter to US physicians practicing under HIPAA, and what they mean for the decisions family physicians, internists, and practice managers are making right now about AI scribe adoption.
What the Ontario Auditor General AI Scribe Findings Actually Said
The Office of the Auditor General of Ontario examined 20 AI scribe vendors approved by Supply Ontario for use by healthcare professionals. Testing simulated real clinical encounters, and medical professionals compared the original recordings against the AI-generated notes.
Every approved vendor showed at least one inaccuracy, including hallucinations, missing information, and outright fabrication. Sixty percent recorded a different drug than what was prescribed. Seventeen of 20 systems missed key mental health details that were explicitly discussed in the recordings. Nine of 20 fabricated information, generating treatment plan suggestions, including therapy referrals and blood test orders that were never mentioned in the consultation.
The AI scribe audit findings also revealed a procurement process that weighted a vendor’s physical presence in Ontario at 30% of its scoring, while accuracy accounted for only 4%. Eleven of the 20 approved vendors failed to submit third-party security audits or privacy impact assessments. The auditor’s report stated clearly: “Inaccuracies in medical notes generated by AI scribe systems could potentially result in inadequate or harmful treatment plans that may potentially impact patient health outcomes.”
Why the Ontario Report Accelerates AI Scribe Legal Scrutiny in the US
Ontario has no jurisdiction over a family medicine practice in Ohio. The legal frameworks differ, and the procurement described was a government program. But the regulatory implications for US clinicians are real and already forming.
US class action litigation involving AI medical scribes is underway. In November 2025, a proposed class action was filed against Sharp HealthCare alleging that an ambient AI scribe recorded approximately 100,000 patient encounters without adequate informed consent. The lawsuit further alleged that the AI system generated documentation falsely stating consent had been obtained when it had not. California’s AB 3030, effective January 1, 2025, requires generative AI disclaimers in patient communications. Utah and Colorado have enacted their own AI disclosure mandates.
Under HIPAA, any AI scribe that processes protected health information is almost certainly a business associate, and every physician deploying one must have a valid Business Associate Agreement (BAA). Foley & Lardner, advising healthcare clients on AI scribe deployments, identified training AI models on real patient data without proper authorization as one of the most common HIPAA violations in this space.
The AI scribe’s legal scrutiny was forming before the Ontario audit landed. That report accelerated the timeline.
For physicians evaluating vendors in this environment, governance and workflow controls matter as much as transcription quality. Platforms such as Notiro are designed around that reality, combining ambient AI scribing with structured clinical workflows, physician review requirements, and coding support to help reduce documentation errors before information reaches the medical record.
AI Medical Scribe Risks That Apply Regardless of Geography
Three specific AI medical scribe risks emerge from the Ontario findings that US physicians cannot dismiss as a Canadian regulatory matter.
- Medication Errors In The Notes: 60% of the tested systems recorded the wrong drug. A physician who misses this during review, and whose patient experiences an adverse event, faces direct liability. Most jurisdictions hold the clinician responsible for the accuracy of the medical record regardless of how it was generated.
- Fabricated Clinical Content: Nine of 20 systems added treatment suggestions that were never discussed during the visit. A fabricated referral that appears in the note unchallenged can enter both the clinical and billing records, creating exposure on both ends.
- Missing Attestation: The Ontario audit confirmed that none of the 20 approved systems required a formal physician sign-off before a note was entered into the patient record. Without a mandatory attestation step, it is difficult to demonstrate that the physician reviewed the AI output. That gap is exactly what the Sharp HealthCare lawsuit exploited.
This is increasingly where leading AI documentation platforms differentiate themselves. Notiro, for example, incorporates physician oversight into the documentation workflow so clinicians remain the final decision-makers before information is finalized. That approach aligns with emerging regulatory expectations that AI should support clinical documentation, not replace professional judgment.
What AI Scribe Regulation Is Moving Toward in the US
US AI scribe regulation is not yet codified at the federal level specifically for clinical documentation tools, but the direction is clear. The 2026 HIPAA Security Rule overhaul addresses AI-related threat vectors following breaches that exposed the protected health information of more than 289 million individuals in 2024 alone. The Federation of State Medical Boards adopted guidance in April 2024, placing the responsibility for documentation review squarely on the licensed clinician.
The FDA has not yet formally regulated AI scribes as Software as a Medical Device. That position is conditional. If a scribe tool begins guiding care decisions, as the Ontario audit found is already happening with fabricated treatment suggestions appearing in notes, the regulatory threshold shifts. Ontario’s auditor benchmarked the provincial AI program against international public-sector standards and found governance gaps at every level. That benchmarking framing matters: regulators across jurisdictions are drawing on each other’s findings.
What US Physicians Should Require From Any AI Scribe Tool Today
The Ontario procurement data, with accuracy weighted at just 4%, tells physicians what to demand that a government process demonstrably failed to ask for.
Practices should evaluate vendors not only on note generation quality but also on how AI is used throughout the workflow. Leading solutions such as Notiro combine ambient documentation, patient intake automation, and ICD-10 coding assistance in a single platform, helping healthcare teams save time, reduce administrative burden, and create more consistent documentation processes. By using AI to automate repetitive tasks while preserving clinician review, these systems can improve operational efficiency without sacrificing accountability.
A valid BAA before deployment. Any scribe vendor that declines to sign one is not HIPAA compliant, and the physician absorbs the liability gap. A mandatory physician review step before notes are entered into the EHR. A documented patient consent workflow, not an informal verbal exchange. Verifiable third-party accuracy data, not vendor claims alone. Confirmation that patient visit audio is not used to retrain the vendor’s models without a proper data use agreement.
The Ontario findings do not mean AI scribes are unsafe. Approximately 5,000 Ontario physicians were using them at the time of the report, with no documented patient harm attributed to the tools. The findings confirm that the tools require more rigorous evaluation than most practices and procurement processes have received to date. For the US physician now evaluating an AI medical scribe, the compliance questions matter as much as the note quality. The most effective platforms are no longer competing solely on transcription accuracy; they are helping practices streamline documentation, coding, and patient workflows while providing the governance safeguards that regulators increasingly expect.
51% of US physicians report burnout, and documentation is consistently identified as the primary driver, according to the AMA. Notiro was built for the physician who needs the whole workflow covered: patient intake, ambient scribing, and ICD-10 + CPT coding automation, within a HIPAA-compliant structure that includes a signed BAA. Start your free trial at notiro. No IT setup, no enterprise contract.
