July 13, 2026
10 min read
By Albert Wong, PhD · Clinical Psychologist
The short answer
AI progress notes can be HIPAA-compliant, but only when every AI vendor in the chain signs a BAA, your data is contractually excluded from model training, and a clinician reviews and signs every note. Consumer chatbots — including free ChatGPT — fail the first test outright: they do not sign BAAs, so pasting session content into them is a reportable disclosure, not a gray area.
Somewhere right now, a therapist is pasting a session summary into a free chatbot to "clean it up," and that chatbot's terms of service say the text may be used to train future models. That therapist is not a bad clinician. They're an exhausted one, and the tools got ahead of the guidance.
I'm a clinical psychologist and I build AI note-taking software, which means I've spent a lot of time on both sides of this question: what would save clinicians real time, and what would I be comfortable having done with a recording of my client's session. Here are the seven questions I'd put to any AI scribe vendor — including us — before letting them anywhere near session audio.
The baseline. HIPAA compliance isn't a product feature; it's a chain of signed Business Associate Agreements covering everyone who touches PHI. An AI scribe typically involves at least a transcription provider and a language-model provider under the hood. Ask specifically: is every subprocessor that sees my data covered? A vendor who answers with a list is a vendor who has thought about it. A vendor who answers "we're HIPAA compliant!" with no nouns is reciting marketing.
(Consumer chatbots — the free tiers of ChatGPT and friends — do not sign BAAs. Pasting session content into one is a reportable problem, not a gray area.)
You want a flat, contractual "no." Model training is the quiet catch in a lot of AI terms of service: your data improves their product forever, and there is no un-training it. The answer must be no for audio, no for transcripts, no for the generated notes.
This is the question almost nobody asks, and it's my favorite, because it separates architecture from marketing. There's a real difference between shipping a raw transcript — names, places, employers, the specific affair with the specific coworker — to a model, and de-identifying content before the model composes the clinical note. De-identification before AI processing is how we built Practice Harbor, and I'd hold any competitor to the same standard: the model's job is clinical synthesis, and it doesn't need your client's name to do it.
Session audio is the most sensitive artifact in the pipeline — more than the note, because it contains everything, verbatim, in your client's voice. Ask: is audio encrypted at rest? Who can access it? What's the retention policy, and can you control it? "We keep audio indefinitely by default" is an answer you should have to opt into, not discover.
HIPAA is the floor, not the ceiling. If you treat substance use, 42 CFR Part 2 imposes stricter rules than HIPAA. State laws like California's CMIA add their own layer. A thoughtful vendor designs for the strictest common case — one concrete example: appointment reminder texts shouldn't name the service or the provider, because an SMS sitting on a lock screen is not a secure channel. Details like that tell you whether the vendor thinks about behavioral health specifically or just healthcare generally.
You do. Always. An AI scribe that positions its output as done — rather than as a draft the clinician reviews, edits, and signs — is setting you up for documentation you can't stand behind. The unglamorous truth about AI notes is that they're excellent at the 80% that's structure and recall, and you are irreplaceable for the 20% that's clinical judgment. The signature is where that division of labor becomes accountable. In Practice Harbor, every AI-generated note is a draft until a clinician signs it, signing locks it, and unlocking a signed note requires a reason and leaves an audit trail. That's not red tape; that's what makes the record defensible.
Legally: recording a session requires consent in many states regardless of what happens to the recording, and all-party-consent states make it unambiguous. Clinically: asking is simply the right thing to do, and in my experience clients say yes far more readily than therapists expect — especially when you can explain, concretely, what happens to the recording (encrypted, transcribed under BAA, de-identified before AI sees it, deleted per policy, note reviewed and signed by you). If your vendor's architecture makes that sentence hard to say honestly, that tells you something. Our software won't start a session recording until the clinician confirms consent — a speed bump we added on purpose.
Before adopting any AI note tool, get written or documented answers to:
Any serious vendor can answer all seven in plain English. If the answers are vague, the product may still be impressive — but "impressive" and "something I'd put my license behind" are different bars. Your notes carry your name. The AI is just a very fast intern: useful, tireless, and never, ever the one who signs.
Albert Wong, PhD, is a clinical psychologist and the founder of Practice Harbor, where AI-drafted notes are de-identified before processing and every note is signed by a human.
It can be, if the vendor signs a Business Associate Agreement that covers every AI subprocessor (transcription and language-model providers included), contractually excludes your data from model training, and keeps the clinician as the reviewer and signer of every note. Ask for all three in writing.
Not with real client information. Consumer chatbots do not sign BAAs, and their terms may allow using your text for model training. Pasting session content into one is a HIPAA violation. Purpose-built clinical tools with signed BAAs are the compliant path.
Recording a session requires client consent in many states regardless of what happens afterward, and asking is clinically sound practice everywhere. A well-designed tool makes consent a required step — Practice Harbor will not start a session recording until the clinician confirms it.
Ask every vendor: is audio encrypted at rest, who can access it, what is the retention policy, and can you control deletion? "We keep audio indefinitely by default" should be something you opt into knowingly, not discover later.
De-identified before AI processing. Consent-gated recording. Every note reviewed, signed, and locked by you — with an audit trail.