Privacy & Security Tips

December, 2025

When an AI bot attends rounds with you: A privacy wake-up call

Clinicians are increasingly relying on digital tools to improve efficiency, reduce administrative burden, and enhance patient care. But a recent incident investigated by the Information and Privacy Commissioner of Ontario (IPC) serves as an important reminder that technology—particularly AI—can introduce new risks to patient privacy. Last fall, an AI transcription tool, or bot, attended and recorded a virtual "rounds" meeting in an Ontario hospital, without the knowledge of participants. The AI bot then sent a summary and full transcript to the full list of meeting invitees, which included former hospital employees.

How did this happen? A former physician employee still included on the meeting invite list had installed an AI bot on a personal device. The tool automatically joined the meeting in their place, captured the discussion, and shared it broadly. It was an AI-driven, not human, action, highlighting how so-called agentic AI systems can independently initiate tasks without prompting. The hospital notified the IPC of the privacy breach and took steps to contain the damage, directing staff to delete the unauthorized e-mails and remove transcription tools from devices. It also updated its AI policies, changing its firewalls to block access to similar platforms.

Take these steps to protect yourself and your patients:

• Avoid using personal or unapproved apps (including transcription and AI-powered notetaking tools) during clinical discussion.

• Audit your meeting lists and notify organizers about outdated or incorrect recipients.

• Be alert to AI autonomy. If an app can "listen", "summarize", or "join" meetings for you, it may undertake certain unintended actions (including sharing of personal information).

Protecting patient privacy is not just a legal requirement – it is a core component of patient trust. As tools become more sophisticated it is important to truly understand and mitigate the risks.