The Core Workflow: What AI Scribes Actually Do
Platforms such as Berries, SimplePractice, and Blueprint follow a broadly similar operational model. During a therapy session, the tool records the conversation, generates a real-time transcript, and produces a draft clinical note for the clinician to review, edit, and sign. The therapist retains final authority over what enters the medical record.
Berries, for instance, states that audio is processed in real time and deleted immediately after transcription. Transcripts are stored on U.S.-based servers under HIPAA-compliant infrastructure. The company explicitly states that session content is not used to train its AI models — a non-trivial commitment given how many AI platforms reserve that right in their terms of service.
Monthly fees across the category range from approximately $19 to $99, positioning these tools squarely at solo practitioners and small group practices where administrative overhead hits hardest.
Efficiency Gains: What the Data Shows
The efficiency case is not speculative. A large-scale analysis at The Permanente Medical Group found that AI scribes saved clinicians the equivalent of nearly 16,000 hours of documentation time in a single year — approximately 1,800 workdays — while also improving reported satisfaction and patient interaction quality. That study focused on medical clinicians rather than therapists, but the underlying administrative mechanics are comparable.
Therapist Kym Tolson, who runs a fully remote practice, reports reducing per-client documentation time from 15–20 minutes to roughly two minutes. Across a full caseload, that is not a marginal improvement — it is a structural transformation of the working day.
HIPAA Compliance: Necessary but Not Sufficient
HIPAA sets the legal floor for health data protection in the United States. For AI scribe vendors, compliance typically means encrypted data transmission, access controls, audit logging, Business Associate Agreements (BAAs) with covered entities, and U.S.-based server infrastructure. These are meaningful protections. They are not guarantees.
Kellie Owens, assistant professor of medical ethics at NYU Grossman School of Medicine, draws the distinction precisely:
“There are plenty of systems that are fully HIPAA compliant that still experience major data breaches.”
Compliance defines process standards; it does not eliminate attack surface.
Where the Risk Profile Diverges in Mental Health
The breach risk calculus in mental health is categorically different from general medical records. A compromised cardiology note is sensitive. A compromised therapy transcript — containing disclosures about trauma, sexuality, family conflict, or psychiatric history — carries social, legal, and relational consequences that are difficult to bound.
A KFF survey found that approximately 77% of Americans are already worried about how their health information is stored and used by AI systems. That concern is not irrational. Healthcare systems and major corporations have faced repeated, high-profile data breaches in recent years. Each additional data layer — recording, transcription, cloud storage, AI processing — represents an additional point of potential exposure.
Therapist Marisa Cohen frames the structural issue clearly:
“When you introduce something that’s being stored electronically, it raises additional questions about trust and safety. It’s essentially a third party.”
Accuracy Risk and the Medical Record
There is a second technical risk that receives less attention than cybersecurity: AI hallucination. Tolson acknowledges it directly — “There are times it will hallucinate. The clinician has to be very careful. You have to double- and triple-check.”
Cohen extends the concern to its legal dimension:
“If errors are introduced and a clinician isn’t meticulously checking the notes, that error is now part of the record. If those notes are ever subpoenaed, that becomes part of someone’s history.”
An inaccurate AI-generated note that enters a permanent medical record without rigorous clinician review is not a minor documentation error — it is a clinical and legal liability.
Patient Consent: The Gap Between Form and Understanding
The consent question is where the technical and ethical dimensions converge most sharply — and where current practice appears most inconsistent.
Owens identifies the core problem with precision:
“We have a wide body of research showing that a consent form on its own does not mean a person is making an informed choice. People scroll through them, don’t read them or feel pressured to agree.”
Written consent, in other words, satisfies a legal checkbox. It does not satisfy an ethical standard.
Her benchmark is direct and unambiguous:
“Any time you are recording a conversation, that should require a verbal conversation that a recording is taking place.”
The Case of Molly Quinn
The patient experience reported by Molly Quinn, a 31-year-old librarian from Fayetteville, Arkansas, illustrates precisely what happens when that standard is not met. Quinn had explicitly raised concerns about AI note-taking before the session in question. When she noticed her therapist’s iPad propped up mid-session — and realized the session was being recorded — she had not been re-informed, re-consented, or given a clear opt-out in that moment.
The downstream effect was not merely discomfort. Quinn canceled her next appointment, ultimately left the therapeutic relationship, and spent weeks finding a new clinician. “The trust was gone,” she says. The AI tool did not damage the therapeutic alliance — the consent failure did.
What Meaningful Consent Requires in Practice
Based on the ethical and clinical evidence, a defensible consent protocol for AI scribes in mental health settings should include at minimum:
- Advance disclosure — written explanation of what the tool records, where data is stored, how long it is retained, and whether it is used for model training.
- Verbal confirmation — a direct, spoken conversation before the first recorded session, separate from any written form.
- Explicit opt-out — a clear, low-friction mechanism for patients to decline without affecting their care relationship.
- Session-level reminders — notification at the start of each recorded session, not only at intake.
- Clinician review commitment — documented confirmation that the therapist reviews and approves all AI-generated notes before they enter the medical record.
Tolson’s practice reflects several of these elements. She discusses the recording process in detail with clients beforehand, makes participation explicitly optional, and reviews every AI-generated note before it is finalized. That model is replicable. It is not yet standard.
Comparing the Vendor Landscape
The three most visible platforms in this space — Berries, SimplePractice, and Blueprint — share the same general workflow but differ in positioning and disclosed data practices.
Berries emphasizes real-time audio deletion and a firm no-training-on-session-content policy. Its co-CEO frames the tool as a presence-enhancing instrument rather than a documentation shortcut — a positioning choice that acknowledges the therapeutic relationship as the primary variable.
SimplePractice is an established practice management platform that has integrated AI documentation features into a broader EHR and billing ecosystem. Its advantage is consolidation; its risk is that AI features may receive less scrutiny when bundled into a familiar administrative tool.
Blueprint targets structured clinical documentation, with AI assistance oriented toward treatment planning and progress notes. Its positioning is more explicitly clinical than administrative.
None of these platforms can eliminate breach risk. All of them require clinicians to maintain active oversight of AI-generated content. The differentiating variable for practitioners is not which platform is “safe” — it is which platform’s data handling policies, consent infrastructure, and accuracy controls align with the clinician’s own ethical standards.
The Therapeutic Relationship as the Governing Variable
Cohen’s observation deserves to be treated as a design principle, not merely a clinical concern:
“Even the presence of AI changes the therapeutic experience. Clients know or feel like something else is listening to them. That awareness can subtly alter their disclosure.”
Therapy’s efficacy depends on psychological safety. Psychological safety depends on the perception of absolute privacy. Any tool that introduces ambiguity about who — or what — has access to session content operates in direct tension with that foundation.
This does not mean AI scribes are incompatible with effective therapy. It means the introduction of these tools requires deliberate, transparent management of that tension. The efficiency gains are real. The risks are real. The consent process is the mechanism through which clinicians navigate between them.
Practical Benchmarks for Mental Health Professionals Evaluating AI Scribes
For clinicians actively evaluating these tools, the following criteria provide a structured starting point:
- Data retention policy — Does the vendor delete audio immediately after transcription? What is the retention period for transcripts?
- Training data exclusion — Does the vendor contractually commit to not using session content for model training?
- BAA availability — Does the vendor provide a signed Business Associate Agreement as required under HIPAA?
- Server jurisdiction — Are data stored exclusively on U.S.-based infrastructure?
- Accuracy review workflow — Does the platform support a clear clinician review and approval step before notes are finalized?
- Consent tooling — Does the platform provide consent documentation templates, and does it support session-level recording notifications?
- Breach notification protocol — What is the vendor’s documented response process in the event of a data breach?
No platform currently scores perfectly across all dimensions. The evaluation process itself — asking vendors these questions directly — is a meaningful signal of how seriously they treat clinical accountability.
Closing Reflection
The efficiency argument for AI scribes in mental health is legitimate and, for many practitioners, compelling. Reclaiming five to seven hours of documentation time per week is not a trivial benefit — it is the difference between a sustainable practice and burnout.
But efficiency is not the governing value in therapy. Trust is. And trust, once broken by a consent failure or a data breach, does not recover on a timeline that matches the next software update.
The mental health professionals who will integrate these tools successfully are those who treat consent as a clinical act rather than a compliance formality — who understand that the conversation about recording is itself part of the therapeutic relationship. The platforms that will earn durable adoption are those that build consent infrastructure, accuracy controls, and transparent data policies into the product rather than the fine print.
Observe the tools carefully. The stakes in this category are not administrative. They are human.
Comments (0) No comments yet
Want to join this discussion? Login or Register.
No comments yet. Be the first to share your thoughts!