San Diego, CA, December 11, 2025
A class action lawsuit against Sharp HealthCare in San Diego raises critical concerns about the use of AI tools that record doctor-patient interactions without proper consent. The allegations include unauthorized recordings and data retention issues, emphasizing the legal implications for any business utilizing AI voice technology. To mitigate such risks, experts suggest businesses should establish clear consent protocols and regularly audit AI technologies. This case serves as a warning for various industries about potential vulnerabilities related to privacy laws.
San Diego, CA – New Class Action Targets Healthcare AI Recordings: 6 Steps All Businesses Should Consider to Limit Exposure
San Diego, CA – A recent class action lawsuit filed in San Diego underscores significant privacy risks for businesses employing AI tools that record or summarize customer or patient interactions. On November 26, Sharp HealthCare was sued for allegedly using an AI-powered “ambient clinical documentation” tool to record doctor-patient conversations without proper consent, violating California’s strict wiretapping laws. This case highlights the broader implications for any consumer-facing business utilizing AI voice tools, quality-assurance recordings, or conversation-analysis engines.
Key Allegations in the Lawsuit
- Unauthorized Recordings: Sharp HealthCare is accused of deploying an AI vendor in April 2025 to automatically record clinical encounters on clinicians’ devices and generate draft notes for electronic health records without obtaining all-party consent, as required under California’s Invasion of Privacy Act (CIPA).
- Data Transmission and Access: The lawsuit alleges that sensitive medical information was transmitted to the vendor’s cloud system, where vendor personnel could access the data, potentially violating the Confidentiality of Medical Information Act (CMIA).
- False Documentation: The plaintiffs claim that patient charts falsely indicated that patients “were advised” and “consented” to the AI recording, even when they had not, lacking proper consent mechanisms.
- Data Retention Issues: Sharp allegedly informed patients that the vendor retained audio recordings for approximately 30 days and could not immediately delete them upon request, raising concerns about data retention practices.
Broader Implications for Businesses
This lawsuit serves as a cautionary tale for businesses across various industries that deploy AI recording tools. The key risks include:
- Exposure Under CIPA: California’s wiretapping laws are among the most plaintiff-friendly in the nation, with potential statutory penalties of $5,000 per violation, per call, per recording. This makes businesses vulnerable to significant financial liabilities.
- Vendor Transparency: Publicized partnerships between AI vendors and businesses can serve as a roadmap for plaintiffs’ firms, as seen in this case where the existence of public customer lists was used to define the class.
- Cross-Industry Risks: The legal theories presented in this case, such as wiretapping violations, improper disclosure to third-party AI vendors, false or misleading consent statements, and retention failures, are applicable across various sectors, including retail, financial services, hospitality, and more.
Six Practical Steps to Mitigate Exposure
To reduce the risk of similar lawsuits, businesses should consider implementing the following measures:
- Audit AI Recording Technologies: Review all technologies that capture or transmit voice or text during customer interactions, including AI note-taking tools, transcription services, and virtual agents. Understand where the data goes, who receives it, and how long vendors retain it.
- Establish Clear Consent Protocols: Implement pre-interaction notices (e.g., on websites, intake forms, appointment reminders), obtain real-time consent at the start of interactions, provide visible or audible indicators when recording is active, and secure separate written authorizations when handling sensitive information.
- Review Vendor Contracts: Ensure contracts with AI transcription or analytics vendors include provisions for customer-controlled retention and deletion, prohibit secondary use of data without explicit consent, require immutable logging of access and deletion, mandate certificates of destruction, and restrict vendor personnel from accessing identifiable recordings without specific authorization.
- Monitor Vendor Representations: Avoid allowing vendors to use your company’s name as a customer or publish case studies without consulting legal counsel, as this can have legal implications.
- Disable Default Consent Auto-Population: Ensure AI systems do not automatically insert consent statements like “customer consented” without manual confirmation, maintaining clear audit trails and separating consent capture from documentation fields.
- Develop a Rapid Deletion Workflow: Establish procedures to immediately halt processing, submit verified deletion requests to vendors, and provide customers with written confirmation of deletion, aligning with privacy best practices.
By proactively addressing these areas, businesses can better safeguard themselves against potential legal challenges related to AI recording tools.
About the Authors
Usama Kahf is a partner at Fisher Phillips, specializing in labor and employment law. Danielle Kays is an associate attorney at Fisher Phillips, focusing on employment litigation and counseling.
Related Articles
- New Lawsuit Highlights Concerns About AI Notetakers: 7 Steps Businesses Should Take
- Client Alert: Avoiding Legal Pitfalls and Risks in Workplace Use of Artificial Intelligence
- Pressure-Testing Your Privacy Program for 2025
Frequently Asked Questions (FAQ)
What is the recent class action lawsuit filed in San Diego about?
The lawsuit alleges that Sharp HealthCare used an AI-powered “ambient clinical documentation” tool to record doctor-patient conversations without proper consent, violating California’s wiretapping laws.
What are the key allegations in the lawsuit?
The allegations include unauthorized recordings, data transmission and access, false documentation, and data retention issues.
How does this case affect other businesses?
The case highlights risks for any business using AI recording tools, emphasizing the need for clear consent protocols and robust data handling practices.
What steps can businesses take to mitigate exposure?
Businesses should audit AI recording technologies, establish clear consent protocols, review vendor contracts, monitor vendor representations, disable default consent auto-population, and develop a rapid deletion workflow.
Who are the authors of the article?
The authors are Usama Kahf, a partner at Fisher Phillips, and Danielle Kays, an associate attorney at Fisher Phillips.
Key Features of the Article
| Feature | Description |
|---|---|
| Location | San Diego, CA |
| Subject | Class action lawsuit against Sharp HealthCare for unauthorized AI recordings |
| Key Allegations | Unauthorized recordings, data transmission and access, false documentation, data retention issues |
| Broader Implications | Risks for businesses using AI recording tools across various industries |
| Mitigation Steps | Audit AI technologies, establish consent protocols, review vendor contracts, monitor vendor representations, disable default consent auto-population, develop deletion workflow |
| Authors | Usama Kahf and Danielle Kays of Fisher Phillips |
Deeper Dive: News & Info About This Topic
HERE Resources
Michael Pratt Sentenced to 27 Years for Sex Trafficking
San Diego Faces Highest Inflation Rate in the Nation
Author: STAFF HERE SAN DIEGO WRITER
The SAN DIEGO STAFF WRITER represents the experienced team at HERESanDiego.com, your go-to source for actionable local news and information in San Diego, San Diego County, and beyond. Specializing in "news you can use," we cover essential topics like product reviews for personal and business needs, local business directories, politics, real estate trends, neighborhood insights, and state news affecting the area—with deep expertise drawn from years of dedicated reporting and strong community input, including local press releases and business updates. We deliver top reporting on high-value events such as Comic-Con International, San Diego County Fair, and San Diego Pride Festival. Our coverage extends to key organizations like the San Diego Regional Chamber of Commerce and United Way of San Diego County, plus leading businesses in biotechnology, healthcare, and technology that power the local economy such as Qualcomm, Illumina, and Scripps Health. As part of the broader HERE network, including HEREAnaheim.com, HEREBeverlyHills.com, HERECostaMesa.com, HERECoronado.com, HEREHollywood.com, HEREHuntingtonBeach.com, HERELongBeach.com, HERELosAngeles.com, HEREMissionViejo.com, and HERESantaAna.com, we provide comprehensive, credible insights into California's dynamic landscape.
