June 23, 2026 • 11 min read • By Basil AI Team
Abridge AI, Sutter Health & the Ambient Scribe Lawsuits: Why a HIPAA BAA Isn't Enough for Patient Consent
- Three patients sued Sutter Health and MemorialCare on April 8, 2026 over Abridge's ambient AI scribe — the second major suit after Sharp HealthCare in November 2025.
- Plaintiffs allege violations of CIPA, CMIA, the Federal Wiretap Act, and California's UCL — laws older than the cloud that still apply to AI recording.
- A signed HIPAA BAA does NOT immunize covered entities from state wiretapping claims; CIPA damages run up to $5,000 per recording.
- Abridge's own terms place consent obligations on the deploying health system, not Abridge — and the company is not named as a defendant.
- On-device AI transcription eliminates the 'transmission to external servers' element that plaintiffs' theories depend on.
Quick answer: Abridge AI itself has not been ruled illegal, but in April 2026 three California patients sued Sutter Health and MemorialCare in the Northern District of California (Washington v. Sutter Health, 4:26-cv-03012) alleging Abridge's ambient AI scribe recorded exam-room conversations and transmitted audio to external servers without all-party consent, violating CIPA, CMIA, the Federal Wiretap Act, and California's UCL — even though Abridge had signed HIPAA Business Associate Agreements.
In April 2026, three California patients filed a proposed class action against Sutter Health and MemorialCare alleging the health systems used Abridge's ambient AI scribe to record exam-room conversations and transmit the audio to external servers without all-party consent. The case (4:26-cv-03012) is the second of its kind in seven months, and it sets up a question every health system using cloud AI scribes now has to answer: if our vendor is HIPAA-compliant, why are we still being sued?
What the Sutter Health / MemorialCare lawsuit actually alleges
The case is captioned Washington et al. v. Sutter Health, filed April 8, 2026, in the U.S. District Court for the Northern District of California. According to reporting by TechTarget Healthtech Security, the plaintiffs — Christina Washington, Dennis Gueretta, and Rebecca Matulic — allege that Sutter Health and MemorialCare "deployed Abridge's ambient AI scribe, a widely used tool that records and transcribes clinical encounters, drafts clinical notes and incorporates them into EHR systems, without patient consent."
The plaintiffs claim they discussed sensitive medical information with their providers under circumstances where they reasonably expected privacy, and were not clearly told their conversations would be recorded, sent outside the clinical setting, or processed by third-party systems. The HIPAA Journal's coverage lists the four statutes invoked: the California Invasion of Privacy Act (CIPA), the California Confidentiality of Medical Information Act (CMIA), California's Unfair Competition Law, and the federal Wiretap Act — plus common-law invasion of privacy.
Importantly, Abridge AI itself is not a defendant. Analysis by Alston & Bird's privacy team notes that "although Abridge is not named as a defendant, the complaint repeatedly points to transmission of confidential medical information to external servers, and retention and processing of confidential information by an external technology provider as a key component of the legal violations." The deploying health systems carry the liability — not the vendor.
This is the second lawsuit, not the first — meet the Sharp HealthCare case
The Sutter/MemorialCare suit is part of a pattern, not an isolated event. As Medscape's June 2026 analysis by Dr. Amy Faith Ho explains, "The first ambient AI lawsuit was filed last November against Sharp HealthCare in San Diego. The second came just 2 months ago, when three patients filed a proposed class action against Sutter Health and MemorialCare in the Northern District of California. Both involve Abridge."
The Sharp HealthCare complaint is especially damning on a procedural point. Industry-side reporting from Alignmt AI's review of 2026 healthcare AI cases notes that "Sharp's EHR notes reportedly contained boilerplate language stating patients had been 'advised' of and 'consented' to the recording — when, according to the complaint, no such advisement or consent ever occurred." Plaintiffs' counsel estimated roughly 100,000 encounters were captured after Sharp's April 2025 Abridge rollout.
That's the exposure profile: CIPA allows statutory damages of $5,000 per recording, with no proof of harm required. 100,000 encounters times $5,000 is half a billion dollars in theoretical exposure from a single deployment.
Why a HIPAA BAA doesn't make this go away
This is the part that surprises health-system general counsel. Abridge signs Business Associate Agreements with its covered-entity clients, and under HIPAA those BAAs are the standard mechanism for permitting a vendor to process Protected Health Information. As the HIPAA Journal puts it, "Since the information collected, transmitted, and processed by the platform at the direction of its clients is related to healthcare operations, patient consent is not required by HIPAA, provided the healthcare organization has a HIPAA-compliant business associate agreement with Abridge AI."
So the lawsuit doesn't allege a HIPAA violation. It alleges state wiretapping and confidentiality violations — and those statutes operate in a completely separate consent regime. Medscape's analysis is blunt: "HIPAA is the floor when it comes to patient privacy, not the ceiling. While HIPAA governs use and disclosure of PHI, it does not preempt the California Invasion of Privacy Act (CIPA), the Federal Wiretap Act, or the all-party consent statutes. A vendor can be HIPAA-compliant and still expose its hospital client to per-encounter statutory damages under a state law."
HIPAA was built around the use and disclosure of medical information for treatment, payment, and operations. CIPA was built around the act of recording a confidential conversation. They answer different questions, and you have to comply with both. As Alignmt AI summarizes: "HIPAA is technology-neutral: it permits healthcare-operations disclosures without patient consent. CIPA is a separate consent regime for recording, and the two statutes answer different questions."
The statutory landscape: laws older than the cloud
One of the more striking features of these cases is that the statutes being used are decades old. The same Alignmt analysis notes that "the alleged violations are not hypothetical future AI laws. They are statutes older than most of the technology they're being applied to: the California Invasion of Privacy Act (1967), the Confidentiality of Medical Information Act (1981), California's Unfair Competition Law, and the federal Wiretap Act."
Under HHS's HIPAA Privacy Rule, healthcare-operations disclosures to a business associate don't require patient authorization. But the all-party consent regime is a parallel track. According to Medscape's reporting, "in California and 12 other states, every party must consent before recording begins." The complaints allege three things that together form the theory of liability:
- Patients were not asked whether recording was okay.
- Audio was transmitted to vendor servers and retained.
- EHR notes contained boilerplate language stating the patient had consented (Sharp).
Data-protection regimes outside the U.S. raise an even higher bar. Recording is a processing activity under Article 4 of the GDPR, and health information enjoys special-category protection under Article 9, which requires explicit consent and prohibits general "legitimate interest" as a lawful basis.
Voice itself is PHI — the biometric layer of the problem
The ambient-scribe legal theory has a second front: biometric privacy. Voiceprints are one of the 18 identifiers that make health information protected. Medscape's Dr. Ho is explicit: "Under 45 CFR § 164.514, the voiceprint sits alongside the fingerprint, the medical record number, and the full-face photograph as one of the 18 identifiers that make health information protected. The moment a vendor captures audio, that audio is protected health information. There is no such thing as a 'de-identified' clinical recording."
That overlaps with state biometric statutes. Amundsen Davis's labor-side reporting describes a similar wave under the Illinois Biometric Information Privacy Act (BIPA), with cases like Cruz v. Fireflies.AI Corp. alleging that AI notetakers "collect and store 'voiceprints' — unique biometric identifiers derived from speech — without providing the written notice, informed consent, or transparent retention and destruction policies BIPA demands." If you're a multi-state health system, your exposure surface is the union of every all-party consent state plus every biometric privacy state.
Who actually owes the consent? Read the BAA before you find out the hard way
Most clinicians assume Abridge or another vendor will handle the legal pieces. The vendor agreements typically say the opposite. Medscape's reporting on the Sutter/MemorialCare suit notes that "Abridge's clinician terms of use agreement also states that users — not Abridge — are 'solely responsible' for obtaining patient consent to collect, store, and process their data." The recommended Abridge consent script is one sentence: "I will be using a tool that records our conversation to help me write my clinical note, so I can pay more attention to our conversation and less time on the computer. Is that okay with you?"
Plaintiffs' lawyers argue that's not enough. As Alston & Bird's analysis notes, "The Plaintiffs' theory is that general privacy notices, implied consent, or ad hoc clinician disclosures may not be enough to obtain consent-to-recording, particularly in California, an 'all party' consent state where all parties to a conversation must consent."
Microphones don't discriminate either. Dr. Ho points out a practical problem: "The microphone does not discriminate which voice belongs to the consenting patient. It records the spouse who came along. It records the staff. In the emergency department, in open bays and hallway gurneys, it records the patient in the next care space, the consult on speakerphone at the physician's desk, the nurse at the workstation behind the curtain. Every person present at a clinical conversation must be informed before recording." In a busy ED, getting valid all-party consent from every voice the microphone captures is essentially impossible.
Cloud ambient scribe vs. on-device transcription: the legal-theory comparison
Here's why the architecture of the AI tool matters legally, not just technically. The plaintiffs' theory in Washington v. Sutter Health is built on a chain: (1) audio is intercepted in the exam room, (2) audio is transmitted to a third-party server, (3) audio is retained and processed by an external vendor. If any of those links break, the theory weakens.
| Dimension | Cloud Ambient Scribe (e.g. Abridge model) | On-Device AI Transcription (Basil AI model) |
|---|---|---|
| Where audio is processed | External vendor servers | 100% on the clinician's iPhone / iPad / Mac |
| Audio transmitted off-device? | Yes — central to the legal theory | No |
| Third-party processor exposed to plaintiffs' theory | Yes (the vendor) | None |
| HIPAA BAA needed for ambient capture | Required | No vendor receives PHI |
| Voice biometric exposure under BIPA/CIPA | Vendor stores voiceprint data | Audio never leaves device |
| Audio retained for model training | Vendor-policy dependent | No vendor model to train |
| Discovery / e-discovery surface area | Vendor logs, server-side audio, transcripts | Only clinician's local device |
| Works offline (rural clinic, ED basement) | No — requires connectivity | Yes — no network required |
This isn't legal advice — every all-party consent jurisdiction will still require informed patient consent for any recording, and clinicians should follow their organization's policies. But the structural point is real: on-device capture removes the "interception and transmission to external servers" element that Alston & Bird identifies as central to the plaintiffs' theory.
The BAA fine print most health systems miss
The model-training clause is where ambient-scribe BAAs frequently fall short. Foley & Lardner's digital health practice notes that they've seen vendor contracts that "contain overbroad indemnity disclaimers essentially eliminating liability for the vendor" and that "fail to define permitted uses and disclosures or include uses and disclosures not permitted by HIPAA (such as allowing the vendor to train AI models on PHI without proper authorization or otherwise meeting a HIPAA exception)."
A 2026-specific concern is what happens to PHI absorbed into model weights. If a vendor trains on your patients' audio, even file-level deletion doesn't remove that information from the model. That's a problem the original HIPAA Security Rule wasn't drafted to anticipate. And under 45 CFR § 160.103, covered entities remain responsible for ensuring their business associates' downstream subcontractors are also bound by equivalent restrictions.
For more on how the cloud-ambient-scribe model compares to other AI notetaker architectures across compliance regimes, see our deep dive on employer liability for AI notetakers under BIPA and CIPA.
How Basil AI solves the ambient-scribe consent problem
Basil AI is built on a fundamentally different architecture than Abridge, Suki, Nuance DAX, and the other cloud ambient scribes. Audio capture happens on the clinician's iPhone, iPad, or Mac using Apple's on-device Speech Recognition framework, and the transcription runs locally on the device's Neural Engine — exactly the kind of edge-AI processing Apple's privacy documentation describes as keeping personal data on-device by default.
What that means practically:
- No external server, no transmission element. The "transmitted to external servers" allegation that drives Washington v. Sutter Health and the Sharp complaint does not apply.
- No third-party vendor processing PHI. Because no PHI leaves the device, the BAA question changes shape — Basil is not in the chain of custody for the audio.
- No model training on patient audio. There is no cloud pipeline through which audio could be siphoned into training data.
- Works in the ED basement. Because transcription runs locally, no network connectivity is required — clinicians can capture in rural clinics, RV ambulances, or windowless exam rooms.
- All-party consent is still required. On-device architecture does not waive CIPA or any state all-party consent law. Clinicians must still ask, document, and respect a patient's no. But the act of recording is now between the clinician and the patient — no third party in the room.
For technical detail on how the local pipeline works, see our walkthrough on WWDC 2026, Apple's on-device Foundation Models, and meeting privacy, and our comparison of bot-free vs. on-device privacy architecture.
What clinicians and health-system counsel should do now
Regardless of which scribe architecture you pick, the lawsuits make the operational checklist clear. The Feldesman Tucker analysis of the Sutter case recommends four steps: execute true BAAs with AI vendors, ensure consent procedures are in place (not buried in 14-page intakes), train clinicians on how to communicate the tool's use to patients, and document opt-outs explicitly.
Add three more from the case-law pattern:
- Audit your EHR for boilerplate consent language. Sharp's complaint alleges chart notes auto-populated with consent language that didn't reflect what actually happened in the room. That's the kind of fact a plaintiff's lawyer dreams of.
- Map your all-party consent exposure. California, Florida, Illinois, Maryland, Massachusetts, Montana, New Hampshire, Pennsylvania, Washington and a handful of others are all-party states. If you treat any patient in those jurisdictions, you operate under the strictest rule.
- Read your vendor's terms of use, not just the BAA. Many ambient scribe vendors expressly push consent obligations onto the clinician. The BAA covers HIPAA. The terms of use cover consent. They are not the same document.
The bigger picture: from cloud-first to consent-first ambient AI
The ambient AI scribe market is large and growing fast. Medscape reports that Abridge alone has been deployed across more than 150 health systems, including the Department of Veterans Affairs and major academic medical centers. Athenahealth began offering its own ambient AI scribe free to all customers in February 2026. Roughly two-thirds of hospitals using Epic have adopted ambient AI tools, according to PrivaPlan's April 2026 compliance brief.
The technology works. The burnout-reduction numbers are real. But the legal trajectory is also clear: cases like Washington v. Sutter Health and the Sharp HealthCare complaint are testing whether laws written between 1967 and 1986 apply to a 2026 deployment pattern, and the early signals — multiple suits in seven months, no motions to dismiss granted yet, statutory damages stacking per encounter — suggest the courts are willing to apply them. As Medscape's Dr. Ho put it, "The lawsuits were inevitable. In the first year of medical school we learn to introduce everyone at the bedside: the student, the resident, the nurse, the tech. We never introduced the listener."
The path forward isn't to abandon AI documentation. It's to introduce the listener — and to choose listeners that don't require sending the patient's voice to a server in someone else's data center.
Capture Clinical Notes On-Device. Nothing Leaves the Room.
Basil AI runs entirely on your iPhone, iPad, and Mac. No cloud upload. No vendor servers. No third-party model training. Just on-device transcription and summaries — so you stay focused on the patient, and the patient's voice stays on your device.
Frequently Asked Questions
Is Abridge AI HIPAA compliant?
Abridge signs Business Associate Agreements with its HIPAA-covered clients, so the platform operates within the HIPAA framework as a business associate. However, HIPAA compliance does not preempt state laws like the California Invasion of Privacy Act or the federal Wiretap Act, which require all-party consent for recording confidential communications regardless of whether the vendor is HIPAA-compliant.
Do patients have to consent to AI scribes recording their visits?
Under HIPAA alone, separate patient consent is generally not required for treatment-related documentation if a BAA exists. But in California and 12 other all-party consent states, every participant must consent before audio recording begins. Statutory damages under CIPA run up to $5,000 per recording, with no proof of harm required, which is why ambient scribe lawsuits are exploding in California.
Who is suing Sutter Health over AI recording?
Three California patients — Christina Washington, Dennis Gueretta, and Rebecca Matulic — filed a proposed class action on April 8, 2026, in the U.S. District Court for the Northern District of California (case 4:26-cv-03012) against Sutter Health, Memorial Health Services, and MemorialCare Medical Foundation. They allege Abridge's ambient AI tool recorded their exam-room conversations without informed all-party consent.
What is voice considered under HIPAA?
Under 45 CFR § 164.514, voiceprints are one of the 18 identifiers that make health information protected. The moment an AI vendor captures patient audio, that audio is Protected Health Information. There is no such thing as a 'de-identified' clinical recording, because the voice itself identifies the patient — which is why ambient scribes carry biometric privacy risk on top of consent risk.
Why don't HIPAA BAAs protect against state wiretap claims?
HIPAA is technology-neutral and permits healthcare-operations disclosures without patient consent. CIPA, the Federal Wiretap Act, and state all-party consent statutes are a completely separate consent regime focused on the act of recording itself, not the use or disclosure of data. A vendor can be fully HIPAA-compliant and still expose its hospital client to per-encounter statutory damages under state law.
How can clinicians use AI documentation without these risks?
The exposure comes from transmitting patient audio to external vendor servers without all-party consent. On-device AI transcription — where audio is captured, transcribed, and summarized entirely on the clinician's iPhone, iPad, or Mac and never leaves the device — sidesteps the third-party-recording theory entirely, because there is no interception, transmission, or third-party processor for plaintiffs to point at.