AI in Health Care: Litigation Risk, Governance, and the Path to Responsible Adoption

Contributors

Related Capabilities

• Health Care AI & Pharma

Popular Insights

Receive email updates on topics that matter to you.

Artificial intelligence is increasingly being deployed across the health care sector to improve efficiency, reduce administrative burdens, and support better patient and provider experiences. Tools that assist with clinical documentation, patient engagement, workflow optimization, and other operational functions can offer significant benefits in a system under constant pressure to do more with limited resources. But as adoption accelerates, so too does litigation risk, particularly where AI is used in ways that intersect with sensitive patient communications, health information, or high-trust clinical settings.

A recently filed class complaint in the Northern District of California illustrates the kinds of claims that may emerge as AI tools become more common in patient care environments. The complaint challenges the use of an "ambient AI" clinical documentation tool developed by a third-party provider. Plaintiffs allege that confidential physician-patient conversations were recorded, transmitted, and processed without meaningful informed consent. Plaintiffs assert claims under the California Invasion of Privacy Act, the Confidentiality of Medical Information Act, the Unfair Competition Law, common law intrusion upon seclusion, and the federal Wiretap Act.

Regardless of the ultimate merits of those allegations, the case is a reminder that health care organizations face legal exposure not only from how an AI tool functions, but also from how it is implemented, disclosed, governed, and monitored. In health care, AI risk is rarely confined to one silo. A single use case may implicate privacy, consent, confidentiality, data governance, cybersecurity, vendor management, professional liability, and consumer protection concerns all at once.

That does not mean health care organizations should avoid AI. On the contrary, AI can provide meaningful benefits when deployed thoughtfully and responsibly. Clinical documentation tools may reduce provider burnout and allow clinicians to spend more time engaging with patients. AI-enabled systems may improve workflow efficiency, support more complete records, assist with population health initiatives, and enhance patient communications. A sound legal and governance approach should preserve these benefits while helping organizations manage the risks that accompany them.

The more durable lesson is that responsible AI adoption in health care requires more than enthusiasm for innovation or reliance on vendor assurances. Regulators and plaintiffs' lawyers are increasingly focused on accountability for AI-driven outcomes, regardless of whether the technology is developed internally or provided by a third party. In that sense, AI governance is not a drag on innovation; it is part of the defensibility strategy for scaling AI responsibly while preserving trust with patients, regulators, and business partners.

Several themes from the complaint serve as starting points for responsible deployment and use of AI. First, notice and consent remain central where AI tools capture or process patient communications, particularly in states with strict privacy or all-party consent laws. Second, health care entities should closely evaluate how sensitive data flows through the AI tool, including whether audio, transcripts, or other outputs are transmitted outside the immediate clinical setting, retained for quality assurance or model improvement, or made accessible to vendor personnel. Third, organizations should be careful not to assume that using a third-party platform transfers legal responsibility. Vendor due diligence and management is a critical component of any good governance framework.

More broadly, health care AI governance should be risk-based, cross-functional, and operationalized in real workflows. That generally means maintaining an inventory of AI use cases; classifying those tools based on patient impact and data sensitivity; assessing privacy, security, unintended bias, and clinical risk before deployment; and aligning the use case with patient notices, authorizations, policies, and training. It also means establishing clear expectations about when AI outputs may inform, but not replace, professional judgment and ensuring that decisions remain subject to appropriate human oversight.

Transparency is equally important. In a health care setting, trust is foundational and critical. AI efficiencies must be balanced against the need to build and maintain trust with patients. Patients are more likely to accept AI-enabled tools when organizations communicate clearly about what the technology does, why it is being used, what information it processes, with whom it is being shared (if anyone), and what safeguards are in place to protect privacy and confidentiality. Even when a particular use case is legally permissible, opaque deployment can undermine patient confidence and invite scrutiny from regulators and plaintiffs' counsel. Governance that emphasizes clarity, accountability, and patient-centered implementation can help organizations build and maintain trust.

As the legal framework for AI in health care continues to evolve, organizations should expect increased attention to whether they exercised reasonable care in selecting, implementing, and overseeing these technologies. Thoughtful governance will not eliminate all risk, and it may not prevent every claim. But it can help reduce exposure, improve defensibility, support more transparent patient interactions, and place organizations in a stronger position to realize AI's benefits responsibly. The key question is no longer whether AI has a role in health care. It is how to use it in a way that supports innovation, respects patient expectations, and stands up to legal and regulatory scrutiny.

At FBT Gibbons, we approach AI as a health care issue first, not simply a technology initiative. Our work focuses on the legal and governance questions that arise when AI is embedded into day-to-day health care operations, where clinical judgment, reimbursement, data protection, and regulatory accountability intersect. We collaborate with legal, compliance, IT, clinical, and operational stakeholders to help organizations adopt AI in a structured, responsible, and defensible manner.

We advise health care organizations on the legal, ethical, regulatory, and governance considerations that arise when AI tools are designed, acquired, implemented, and scaled across clinical and non-clinical functions. Our AI and Health Care team builds on the firm's longstanding experience advising health care organizations on regulatory compliance, privacy, and risk management in highly regulated environments.

For more information or support with developing and deploying AI responsibly, please contact the authors of this article or any member of our Health Care AI & Pharma team.