It’s only a matter of time before someone walks into a healthcare facility wearing Meta AI glasses. Maybe they’ll ask whether it’s okay. Maybe they won’t.
Either way, the answer is no. And the reasons are worth understanding, because the problems aren’t about policy preferences โ they’re architectural. They’re baked into how the product works.
What These Glasses Actually Do
Meta sells AI glasses under both the Ray-Ban and Oakley brands, starting at $299 and going up to $799 for the Display model with its built-in HUD. All of them pack a 12-megapixel camera, a five-microphone array, and always-available Meta AI into frames that look like ordinary sunglasses. A Gen 3 is expected later this year with even more ambient sensing capability.
The glasses are designed to see what you see and hear what you hear. That’s the product. In a healthcare environment where patient records are on screen and patient conversations happen throughout the day, that design is the problem.
No Hardware Kill Switch
There is no physical camera shutter. There is no hardware microphone disconnect. The only way to guarantee these sensors aren’t capturing data is to power off the device entirely โ which defeats the purpose of wearing them.
Every “disable” option is a software toggle. The user can re-enable the camera or microphone at any time without IT ever knowing. And “Hey Meta” โ the voice wake word โ requires the microphones to be actively listening at all times to detect the trigger phrase.
A small LED on the temple is supposed to indicate when the camera is recording. But a $60 hardware mod can disable the LED while leaving the camera functional. Stickers and aftermarket covers do the same. Even when the LED works, it’s been described as “blink-and-you’ll-miss-it.”
Data Flows You Can’t Stop
Even with every optional setting disabled, essential telemetry still flows to Meta’s servers. There is no offline-only mode. The glasses require the Meta AI companion app for setup, firmware updates, and media transfer โ and that app phones home.
When “Hey Meta” is enabled, voice recordings are stored in Meta’s cloud for up to one year. As of Meta’s April 2025 privacy policy update, the option to disable voice recording storage was removed.
Where Your Data Actually Goes
In February 2026, an investigation by Swedish journalists at Svenska Dagbladet and Goteborgs-Posten revealed that data annotators employed by Sama in Nairobi, Kenya are reviewing video and audio captured by Meta smart glasses. These contractors โ hired to train Meta’s AI โ reported being exposed to users’ living rooms, bedrooms, financial documents, and intimate moments. One worker told investigators: “We see everything โ from living rooms to naked bodies.” Meta says faces are automatically blurred before human review, but workers reported the anonymization doesn’t always work.
That investigation triggered a class-action lawsuit โ Bartone et al v. Meta Platforms, Inc. โ filed March 4, 2026 in the Northern District of California. The complaint alleges that Meta marketed the glasses as “designed for privacy, controlled by you” while secretly routing footage to overseas contractors. The suit names both Meta and Luxottica, and seeks relief for all U.S. purchasers.
Now imagine that data pipeline carrying a patient’s medical record, a conversation about a diagnosis, or a screen full of lab results. In a HIPAA-regulated environment, any of this would be disqualifying on its own. Combined, it’s a nonstarter.
No Enterprise Management
These are consumer devices. There is no MDM enrollment, no admin console, no ability to push configurations or audit device activity. IT cannot remotely disable the camera or microphone, cannot verify that recording stays off, and cannot enforce any policy on the device.
Meta does not offer a Business Associate Agreement for smart glasses. Without a BAA, any PHI that reaches Meta’s servers โ intentionally or through an accidental activation โ is an unmitigated HIPAA violation.
The State Law Layer
HIPAA is the floor, not the ceiling. Many states have laws that add additional exposure:
- Several states have physician-patient privilege statutes that bar disclosure of patient communications without explicit consent โ broader than HIPAA’s protections.
- States like Illinois, Texas, and Washington have biometric privacy laws that restrict collection of facial geometry, voiceprints, and other biometric identifiers. An always-on camera in a waiting room or patient care area could trigger these statutes.
- Two-party consent recording laws in states like California, Florida, Illinois, and Pennsylvania mean that recording conversations โ even accidentally โ without all parties’ knowledge is a criminal offense, not just a civil one.
An accidental “Hey Meta” trigger during a patient interaction could simultaneously violate HIPAA, state recording law, and physician-patient privilege.
What Would It Take?
For AI-enabled glasses to work in healthcare, they would need โ at minimum:
- Hardware kill switches for camera and microphone, independently controllable
- MDM and enterprise management with IT-enforced policies
- A signed BAA with the manufacturer, covering all data in transit and at rest
- No telemetry to the manufacturer when operating in a managed mode
- Tamper-evident recording indicators that can’t be defeated with a sticker
None of these exist in Meta’s product line today, and the product roadmap is moving in the opposite direction. The upcoming “Name Tag” facial recognition feature and expanded ambient sensing in Gen 3 mean more data collection, not less.
Smart glasses will eventually find a place in healthcare. Hands-free access to records, real-time clinical decision support, remote specialist consultation โ the use cases are real. Meta or its partners could build the enterprise management, hardware controls, and compliance infrastructure to make that possible. But none of it exists today, and until it does, these glasses don’t belong anywhere near patient data.