A HIPAA-focused vendor due-diligence checklist for practice owners evaluating AI tools: BAAs, PHI handling, encryption standards, breach notification, and what 'privacy-first' actually means.
Before adopting any AI tool in a behavioral health practice, require a signed Business Associate Agreement (BAA), confirm that Protected Health Information (PHI) is never sent to third-party AI models without a BAA in place, verify encryption at rest and in transit, and ask exactly how long data is retained and under what conditions humans can access it. "Privacy-first" is a marketing claim — a BAA, a documented data flow, and a clear breach-notification policy are facts.
Most AI vendor due-diligence guides are written for general business buyers. Behavioral health practices face a different set of obligations.
You are a HIPAA Covered Entity. That status is not optional, and it applies to every technology vendor who touches patient data on your behalf. A standard SaaS privacy policy is not a substitute for a BAA. A tool that is excellent for a law firm or marketing agency may expose your practice to regulatory penalties, civil liability, and reputational harm if it lacks proper PHI safeguards.
The Office for Civil Rights (OCR) has issued settlements and corrective action plans specifically tied to insecure third-party software use. The average HIPAA settlement in recent years has exceeded $1 million. Small practices are not exempt.
This guide gives you a structured checklist — built around HIPAA requirements and the realities of AI product architecture — to evaluate any AI tool before you sign a contract or enter a single note.
This post is part of our complete guide to HIPAA-Compliant AI for Behavioral Health Practices.
The phrase "private AI" is used to market everything from fully on-premise models to standard cloud tools with a checkbox privacy policy. As a practice owner, you need a working definition that ties to your legal obligations.
For behavioral health purposes, private AI means:
Encryption is one piece of this picture, not the whole picture. A tool can encrypt data at rest and in transit and still be non-compliant if it lacks a BAA, retains PHI indefinitely, or routes session data through unprotected analytics pipelines.
Work through each section when evaluating any AI tool that may touch clinical content, intake data, scheduling records, or any information that could identify a patient.
A vendor who hesitates on a BAA, or who says their tool is "HIPAA compliant" without offering a BAA, should be disqualified from consideration for any PHI-touching workflow. For a worked example of how the BAA situation plays out for ChatGPT specifically, see Is ChatGPT HIPAA Compliant? 2026 Guide.
The following statements appear frequently in AI vendor marketing. None of them, on their own, constitutes HIPAA compliance.
Any vendor that responds to your specific technical questions with marketing language rather than documented policies is a risk.
Use this matrix when comparing tools side by side. Score each category independently before reaching an overall decision.
| Criterion | Acceptable | Caution | Disqualify |
|---|---|---|---|
| BAA availability | Offered in standard contract | Available on request | Not offered |
| PHI to third-party AI | No PHI sent, or vendor holds BAA with subprocessor | Unclear data flow | PHI sent without BAA |
| Encryption at rest | AES-256, vendor documented | Stated but unspecified | Not documented |
| Retention policy | Configurable, documented | Fixed but stated | Not disclosed |
| Training use | Opt-out confirmed in writing | Opt-out available | Opt-in or undisclosed |
| Deletion | Self-serve, timely propagation | Support ticket required | Not possible |
| Breach notification | 60-day SLA in BAA | Promised verbally | Not addressed |
| Audit logs | Available to practice | Limited | Not available |
The way an AI tool is built determines where your PHI exposure actually lives. Two tools can make similar privacy claims while having fundamentally different risk profiles.
Tools that process data on your device or within your own cloud environment do not route PHI to the vendor's servers. Tools that use server-side inference send data to the vendor (and often to the underlying AI model provider) on every interaction.
Some behavioral health AI tools act as a thin wrapper over a general-purpose model like GPT or Claude. Your clinical content is sent to that third-party provider on every request. Others run inference on their own infrastructure under a BAA. These are fundamentally different architectures from a HIPAA standpoint. For a comprehensive review of AI stack choices, see HIPAA-Safe AI Stack for Behavioral Health.
AI tools with persistent memory or long-term context features store conversation content — often indefinitely — to improve responses over time. For behavioral health use, this creates a PHI retention risk that standard consumer AI tools are not designed to address. Ask specifically whether session content is stored after the session ends and for how long.
PsyFiGPT was built to address exactly this architecture problem. It provides AI-powered clinical documentation — including session notes, treatment summaries, and correspondence — without sending PHI to third-party AI models. The architecture is designed from the ground up for practices that need to maintain HIPAA compliance without abandoning the efficiency gains AI offers.
Clinical documentation is the most obvious PHI risk, but practice owners should map every workflow where AI is being used or considered.
Intake forms and scheduling workflows collect sensitive information before the first session: presenting concerns, insurance data, medication history, and referral reasons. AI tools that automate intake processing must be evaluated with the same rigor as clinical documentation tools.
PsyFi Assist handles AI-powered intake and scheduling, including therapist matching, in a HIPAA-conscious framework. It gives practices the efficiency of automated intake without routing patient-submitted data through unprotected consumer AI pipelines.
Progress notes, treatment outcome measurements, and aggregate reporting all touch PHI. AI tools that generate clinical reports or analyze practice-level outcome data require their own BAA review and data flow assessment.
PsyFi Reports (psychological evaluation and assessment reports) provides clinical report generation and analytics built for behavioral health practices. It allows practice owners to derive operational insights without manual export to general-purpose spreadsheet or BI tools that lack PHI safeguards.
HIPAA requires Covered Entities to conduct periodic risk assessments. Adding a new AI tool is a triggering event for a risk assessment update. A minimal AI-specific risk assessment should include:
You do not need to be a security engineer to complete this process. You do need written answers from your vendor for each item above.
Evaluating AI vendors for a behavioral health practice requires asking questions that most general-purpose software buyers never think to ask. The checklist above gives you the foundation.
Start with the BAA. If a vendor cannot provide one, the conversation ends there. Then work through data flow, retention, encryption, access controls, and breach notification. Put every material answer in writing before you sign.
If you are looking for a place to start with purpose-built tools that were designed for this compliance environment from day one, explore what PsyFi Technologies has built for behavioral health practices:
The goal is the same as it has always been in behavioral health: do right by your patients while running a sustainable practice. The right AI tools make both easier, not harder.