AI scribes are being adopted quickly across healthtech, and in most cases the underlying product does exactly what it promises — it reduces documentation burden, integrates into clinical workflows, and delivers clear operational value during pilots.

Very few deals fail at the product level. What typically slows or stops adoption is the transition from clinical validation into IT and security review, where the evaluation criteria shift from usability and outcomes to risk, control, and accountability.

At that point, the conversation changes. Instead of discussing accuracy or workflow improvements, you are asked to explain — in precise, technical terms — how patient data is handled within your system, and whether that handling meets HIPAA compliance requirements for AI scribes.

When an AI scribe processes protected health information (PHI) on behalf of a healthcare provider, it is typically acting as a business associate under HIPAA. In those cases, the relationship requires a business associate agreement (BAA), and the vendor must implement appropriate safeguards in line with the HIPAA Security Rule.

The question that consistently emerges, in one form or another, is the following:

If that question cannot be answered clearly — and backed by architecture, not intention — the deal rarely progresses.

Where AI scribe companies run into difficulty

In practice, the issue is rarely that a system is fundamentally insecure. More often, the problem is that the system cannot be explained in a way that withstands scrutiny. Most teams understand their pipeline at a high level — audio is captured, processed, and converted into structured output — but that level of abstraction breaks down quickly once a security review begins.

The moment the discussion moves into specifics, such as:

• where processing actually occurs

• what data leaves the primary environment

• how long data is retained

• who has access to raw or intermediate data

The answers tend to lose precision. That lack of precision — more than any individual vulnerability — is what causes security teams to lose confidence.

The first area of focus: how patient data flows through the system

At some point during the review, you will be asked to walk through your data flow in detail, starting from the moment audio is captured. This is not a conceptual overview — it is a step-by-step explanation of what happens to patient data as it moves through your system.

This includes:

• where the audio is transmitted

• which services process it

• whether it is stored, and under what conditions

• what leaves your infrastructure, and why

  
  

Teams often underestimate how precise this needs to be. Statements like “we use secure cloud infrastructure” or “data is encrypted” do not answer the actual question, which is how data is segmented, isolated, and controlled across the system.

From a regulatory standpoint, this maps directly to the HIPAA Security Rule, which requires covered entities and business associates to perform risk analysis and implement safeguards for access control, auditability, integrity, and transmission security.

Security reviewers are trying to understand whether boundaries exist — and whether those boundaries are enforced in practice.

In practice, this is exactly what a penetration testing process is designed to validate — not just whether vulnerabilities exist, but how data actually flows through your system under real-world conditions. If those boundaries are unclear, or cannot be explained cleanly, the review becomes difficult very quickly.

The second area: separating inference from model training

This is often the most sensitive part of the discussion, particularly for systems that rely on large language models. Most AI scribe vendors state that they do not use customer data for training. That is necessary — but not sufficient. Hospitals are not evaluating your policy. They are evaluating whether your system makes that policy enforceable.

They are looking for:

• clear separation between production data and training environments

• no shared storage or pipelines between those environments

• strict access controls around who can access data internally

• explicit guarantees when third-party model providers are involved

If external LLM providers are used, scrutiny increases further.

You are expected to explain:

• what data is sent externally

• whether it is retained

• whether it can be reused in any form

This is one of the core architectural challenges in modern AI systems, and becomes significantly more complex in healthcare environments where secure GenAI architecture must clearly separate inference, training, and data storage.

This expectation is already reflected in enterprise-grade implementations — for example, AWS HealthScribe explicitly states that customer data is not used to train underlying models, and that customers retain control over their data handling.

Answers that rely on trust — for example, stating that a provider “does not use data for training” — are rarely sufficient without a clear explanation of how that is configured and enforced.

HIPAA Compliance in Practice: Proving Your Security Controls

Even when a system is well designed, the ability to demonstrate that design becomes critical during procurement. Hospital security reviews are structured processes that involve detailed questionnaires, documentation requests, and follow-up discussions that often go deeper than expected. At this stage, high-level assurances are not useful.

Of everything reviewers ask for, a recent penetration testing report is consistently the hardest item to produce — and the one most likely to determine whether the review progresses. Unlike policies or data flow diagrams, a pentest report cannot be generated through a compliance platform. It requires an independent firm to test how your system behaves under real attack conditions, map how patient data flows across your infrastructure, and produce results in a format that a hospital security team can evaluate directly.

For AI scribes specifically, that means testing the full pipeline — audio capture, transmission, processing, third-party model integrations, and storage — not just the application layer.

Reviewers will also expect to see: a clear data flow diagram, documentation of access control mechanisms, and an outline of incident response procedures.

This aligns directly with HIPAA Security Rule expectations around risk analysis and ongoing risk management, rather than one-time compliance statements.

In practice, this is where many teams realise that compliance tooling alone is not enough, and that independent validation — such as HIPAA penetration testing and AI and LLM security testing — is often needed to demonstrate how the system behaves under realistic conditions. If these materials are missing or incomplete, the process slows down, and once momentum is lost, it is difficult to recover.

Where GDPR and EU expectations come into play

For companies operating in or selling into the EU, the same architectural questions map directly to GDPR requirements. Health data is considered a special category of personal data, and its processing is subject to stricter conditions.

This introduces additional expectations around:

• data minimisation and purpose limitation

• clearly defined processing boundaries

• the ability to delete or restrict data

• ensuring processors provide sufficient guarantees

• implementing security measures appropriate to risk

In cases where AI systems introduce higher risk — particularly with new technologies — a Data Protection Impact Assessment (DPIA) may also be required.

In practice, this reinforces the same conclusion: if data flows, access, and control cannot be clearly explained, compliance becomes difficult to demonstrate.

Where Sekurno Fits

By the time a hospital security review begins, the work that determines its outcome has usually already been done — or not done.

Sekurno works with AI scribe and healthcare SaaS vendors at exactly this stage: before the review starts, or when one has already stalled. That means independent penetration testing that produces a report you can share directly in vendor questionnaires and procurement reviews, HIPAA readiness assessments that go into how your systems actually handle ePHI rather than stopping at the policy layer, and data flow documentation that holds up under the kind of technical scrutiny hospital security teams apply.

The goal is not a certificate. It is the ability to answer precise questions with precise evidence — the kind that removes uncertainty rather than asking a reviewer to take your word for it.

If you are preparing for a hospital security review, or a deal has slowed down at the security stage, contact us today.