California’s AB 3030 gives health systems a clean-looking compliance route for AI-drafted patient portal messages: disclose when generative AI is used to communicate clinical information to a patient, unless the communication has been read and reviewed by a licensed or certified human health care provider. The Medical Board of California’s guidance identifies physicians, registered nurses, and physician assistants as examples of qualifying reviewers, and it states that medical assistants do not qualify for the exemption. The law took effect January 1, 2025, with enforcement through existing health professional licensing boards.[1][2]
That exemption is the hinge. It is also the weak point. In Biro et al.’s 2025 simulated EHR study, 20 practicing primary care physicians reviewed AI-drafted patient messages containing seeded clinically significant errors. They missed 66.6% of the errors overall, with each of the four seeded errors missed by 65% to 75% of participants. The same study reported that 35% to 45% of erroneous AI drafts were submitted with no edits, and 90% of participants reported trusting the AI tool despite the missed errors.[3]

A message can therefore satisfy the policy phrase “read and reviewed” while still carrying the wrong clinical instruction into the patient’s inbox. That is not a theoretical nuisance. It is the exact place where a compliance control has to survive ordinary clinic work: an overfull message queue, a plausible draft, a physician between visits, and one sentence that looks fluent enough to pass.
For the broader evidence base, including potential benefits and human-in-the-loop design issues, see ClinicalMind’s discussion of generative AI patient portal messaging safety governance. The narrower problem here is California compliance: whether a health system can rely on the AB 3030 exemption as if licensed review were a dependable final filter.
The Exemption Is Operational, Not Just Legal
AB 3030 does not merely ask whether an AI system touched a portal message. It asks what happened after that. If a licensed or certified health care provider reads and reviews the AI-generated communication, the disclosure requirement may not apply. If the review is performed by a medical assistant, the exemption does not apply under the Medical Board of California’s guidance.[1]
That distinction matters because portal message work is rarely confined to one professional role. In many clinics, medical assistants, nurses, advanced practice clinicians, and physicians all touch inbox workflows. Some route messages. Some pend orders. Some draft responses. Some close the loop after the physician signs. A governance team that says “all AI messages are reviewed” has not answered the statutory question until it can show who reviewed which communication, under what authority, and before what version reached the patient.
The compliance file should not stop at a role label. “Reviewed by physician” can mean several different things in a real inbox. It can mean the physician opened the message and read every line against the chart. It can mean the physician skimmed a draft generated from a thread they had already seen. It can mean they trusted the draft because it looked like something they would have written. It can mean they clicked send after correcting grammar but not checking the medication instruction embedded in the second paragraph.
Those are different controls. They should not be treated as the same control simply because the audit log records a licensed user before transmission.
| Compliance Question | What The Health System Needs To Know |
|---|---|
| Was generative AI used to communicate clinical information? | Whether the message falls within the AB 3030 disclosure framework. |
| Was disclosure provided? | Whether the patient was told generative AI was used when disclosure was required. |
| If disclosure was omitted, who read and reviewed the communication? | Whether the reviewer qualifies under the licensed or certified provider exemption. |
| What did review require? | Whether the organization defined chart-checking, correction, escalation, and prohibited auto-send behavior. |
| What evidence shows review works? | Whether error monitoring, sampling, and incident review demonstrate that the control catches unsafe drafts. |
Why “Read and Reviewed” Can Fail in a Plausible Draft
The Biro study should be used carefully. It involved 20 primary care physicians from the Baltimore-Washington area in a controlled simulated EHR environment, not a multi-specialty real-world deployment with every local workflow variable represented. It does not prove that every physician in every AI portal deployment will miss two-thirds of dangerous errors.[3]
It does, however, stress-test the assumption behind the exemption. The physicians were not asked to supervise an exotic autonomous diagnostic system. They were doing a familiar task: reviewing patient-message drafts. The errors were clinically significant. The drafts were plausible enough that most errors passed through review. That is exactly the failure mode health systems should expect when an AI draft sounds professional, fits the thread, and requires the reviewer to notice a small but consequential clinical mismatch.
This is where ordinary human-in-the-loop language becomes too vague. A human in the loop is not the same as a human with enough time, context, skepticism, and authority to interrupt the loop. Portal review happens under queue pressure. The physician is balancing medication refills, abnormal results, symptom updates, triage questions, forms, family messages, and visit preparation. The AI draft arrives in the middle of that workload with the advantage of fluency. It often looks complete before it is verified.
Automation bias does not require laziness. It only requires a reviewer to give a system output more weight than it deserves because it appears confident, relevant, and already formatted for use. Vigilance decrement does not require incompetence. It appears when people are asked to monitor repetitive outputs and detect rare but serious problems. Workload-driven skimming is not a character flaw. It is what happens when the inbox becomes a second clinic session without the scheduling, staffing, or cognitive protection of one.
The unedited submission rate is therefore more troubling than it may look at first. In Biro et al., 35% to 45% of erroneous AI drafts were sent without any physician edits.[3] An unedited message may still have been opened. It may still have passed through a licensed reviewer. It may still satisfy a narrow reading of a review step. But from a safety standpoint, the system has converted the physician into a transmission point rather than an effective clinical filter.

The Harm Baseline Makes the Review Layer Harder to Defend as a Checkbox
The reason this review layer matters is not that every AI-drafted portal response is dangerous. It is that a small share of unsafe drafts can be serious enough that the final review control has to be real. In work reported by Mass General Brigham, Chen et al. found that if left unedited, 7.1% of GPT-4-generated patient messages in oncology scenarios posed a risk of severe harm, and 0.6% posed a risk of death.[4]
That result should also be narrowed properly. It involved GPT-4 and oncology scenarios, and harm rates may differ by specialty, model, prompt design, patient population, and local implementation. A primary care medication question is not automatically comparable to an oncology treatment message. Still, the finding gives governance teams a useful baseline question: if a draft can occasionally carry severe harm risk, what evidence shows that the local review process catches those drafts before patients act on them?
A disclosure exemption answers a notice question. It does not answer that safety question. It does not show whether clinicians were trained to verify AI-specific failure modes. It does not show whether high-risk message categories are excluded from drafting. It does not show whether the organization samples sent messages for latent errors. It does not show whether reviewers have enough time to compare the draft against the chart.
That gap becomes visible after an incident. A patient receives an AI-drafted message with an incorrect medication instruction. The physician opened and sent it. The health system says the message was read and reviewed. The patient’s lawyer asks what “reviewed” meant, what the system knew about missed AI errors, and why the organization believed the licensed reviewer would reliably catch one dangerous sentence in a fluent draft. The AB 3030 exemption may still matter, but it will not carry that whole defense by itself.
Efficiency Claims Do Not Cure Weak Oversight
Health systems usually do not deploy AI message drafting because they want a disclosure-law puzzle. They deploy it because portal volumes are punishing and clinicians are exhausted. Drafting tools promise faster responses, more complete language, and relief from clerical burden. Those goals are legitimate.
The early adoption evidence makes the tradeoff less comfortable. Hu et al.’s 2025 systematic review of US-based English-language studies from 2023 to 2025 found that real-world AI draft adoption rates in pilot implementations averaged below 20% despite positive clinician perceptions.[5] That does not prove the tools lack value. It does suggest that the operational efficiency case is still developing, and that favorable attitudes should not be mistaken for sustained workflow transformation.
If adoption is modest and the review control is weak, the risk calculus changes. The organization is not weighing a mature, high-yield efficiency intervention against a remote theoretical safety problem. It is weighing an uneven workflow gain against a documented pattern in which physicians may miss clinically significant AI errors. That does not make deployment indefensible. It does make thin governance indefensible.
Legal commentary on California’s law has also framed AI liability as an evolving standard-of-care issue, including the possibility that both failing to use a validated AI tool where appropriate and using an unvalidated tool in a way that undermines oversight may create exposure.[2] No court has directly settled malpractice liability for this exact portal-message use case. The more prudent reading is not that liability is predetermined, but that the organization’s design choices will be examined closely when an AI-generated error reaches a patient.
What Defensible Oversight Looks Like
The practical answer is not to ban every AI draft or to bury patients in generic notices. It is to stop treating licensed review as a magic word. A defensible AB 3030 program should define the review act with enough specificity that a clinician, auditor, regulator, or plaintiff’s expert can understand what the reviewer was expected to do.
- Define which message types may be AI-drafted, which are excluded, and which require escalation before any draft reaches the patient.
- Specify who qualifies as the licensed or certified reviewer for each workflow, and do not count medical assistant review as satisfying the AB 3030 exemption.
- Require reviewers to verify high-risk content against the chart, including medication changes, symptom triage, test-result interpretation, follow-up timing, and instructions that could delay urgent care.
- Preserve audit logs that show AI involvement, reviewer identity, review timing, edits made, and whether disclosure was provided or omitted under an exemption.
- Sample sent messages for AI-related errors, not only for patient-satisfaction tone or response-time metrics.
- Create an incident pathway for near misses and patient complaints involving AI-drafted communications.
The sampling piece is often where governance becomes serious. If an organization knows from published evidence that physicians can miss clinically significant AI errors in a simulated message-review task, it should not rely only on attestation that review occurred. It should measure local performance. That can include targeted audits of higher-risk message categories, comparison of edited and unedited drafts, review of patient callbacks after AI-drafted responses, and analysis of messages that triggered complaints or safety reports.
Workload design belongs in the same conversation. A policy that requires careful review while adding AI drafts to an already saturated inbox is a paper control. If the organization expects physicians to verify AI-generated clinical content, it should decide what work comes out of the day, how review time is protected, and which staff can support routing without being misclassified as exempting reviewers.
The disclosure policy also needs more nuance than “exempt whenever possible.” AB 3030 may allow omission of disclosure after qualifying review, but the organization can still decide to disclose in some or all AI-drafted patient communications. That decision should consider complaint risk, patient trust, message type, specialty context, and whether local monitoring shows that review reliably catches material errors. Patient preference research is not the central legal control, but patient surprise after a harmful AI-drafted message can become part of the institutional risk story.
Broader AI governance should also connect portal drafting to the same structures used for clinical AI risk management, including model validation, equity review, and post-deployment surveillance. Readers working across AI programs may want to pair AB 3030 implementation with governance principles from ClinicalMind’s coverage of algorithmic bias and health equity in clinical AI and operational controls for governing Epic's AI ecosystem. Portal messages may feel lower acuity than diagnostic AI, but they still direct patient behavior.
The Liability Trap Is the Checkbox
AB 3030 does not make AI portal drafting unsafe or illegal. It does not say that every AI-assisted message must carry disclosure if a qualifying provider has read and reviewed it. It creates a disclosure framework with an exemption that health systems can use.
The trap is assuming that the exemption proves oversight. The published evidence cuts against that assumption. In the setting most relevant to portal drafting, physicians missed about two-thirds of dangerous seeded errors, and a substantial share of erroneous drafts went out unedited.[3] In a separate oncology-message analysis, unedited GPT-4 drafts included messages rated as posing severe harm and death risk.[4] Those facts do not settle every legal question, but they make a bare “licensed reviewer clicked send” defense look thin.
A better compliance posture treats AB 3030 as the floor. Health systems need auditable review standards, error monitoring, escalation rules, clinician workload design, and disclosure policies that reflect demonstrated human-review limits. The licensed reviewer should remain clinically accountable, but governance should not pretend that a tired clinician is a reliable final filter just because the policy says the message was read.
References
- GenAI Notification Requirements — Medical Board of California, Medical Board of California.
- California Passes Novel Law Governing Generative AI in Healthcare, Duane Morris, December 2024.
- Opportunities and risks of artificial intelligence in patient portal messaging in primary care, npj Digital Medicine, April 2025.
- Mass General Brigham Research Identifies Pitfalls and Opportunities for Generative AI in Patient Messaging Systems, Mass General Brigham.
- A systematic review of early evidence on generative AI for drafting responses to patient messages, npj Health Systems, July 2025.
Comments
Join the discussion with an anonymous comment.