Best AI Notetaker for Therapists in 2026: HIPAA, Consent, and the On-Device Option

Published June 09, 2026

Key takeaways

Quick answer: The best AI notetaker for therapists in 2026 is the one that minimizes audio exposure entirely. Cloud scribes like SimplePractice Note Taker, Mentalyc, and Upheal are HIPAA-eligible with BAAs, but they still transmit session audio to vendor servers. On-device tools like Basil AI keep recordings on the iPhone or Mac, removing the BAA dependency and breach surface altogether.


The best AI notetaker for a therapy practice in 2026 is the one that minimizes where session audio travels — not just the one with the most checkboxes on its compliance page. Cloud-based scribes like SimplePractice Note Taker, Mentalyc, Upheal, and TheraPro can be HIPAA-eligible with signed Business Associate Agreements, but they still transmit protected health information (PHI) to vendor servers. On-device tools like Basil AI take a categorically different approach: the audio never leaves your iPhone or Mac, so there is no vendor-side breach surface to defend in the first place.

This guide compares the leading AI scribes for mental-health clinicians, explains the HIPAA mechanics that determine which tools are even legally usable, and shows where on-device transcription fits into the decision.

Why therapy notes are a uniquely hard AI problem

Therapy sessions contain some of the most sensitive PHI a clinician will ever document — substance use, trauma, suicidality, custody disputes, sexual histories. HIPAA treats psychotherapy process notes with heightened protections separate from progress notes, and most states layer additional confidentiality statutes on top.

The interest is real: SimplePractice reports that only 13% of clinicians surveyed are using AI for client documentation, leaving a large adoption runway among the remaining 87% who could reclaim hours each week. But adoption has been cautious for a reason. As NPR reported in May 2026, patients are pushing back: NYU medical ethics professor Kellie Owens told NPR bluntly that HIPAA compliance does not eliminate breach risk, noting that plenty of fully compliant systems still experience major breaches.

The HIPAA mechanics every therapist should understand before picking a scribe

Under HHS guidance on business associates, any vendor that creates, receives, maintains, or transmits PHI on your behalf is a business associate and must operate under a written Business Associate Agreement (BAA). The HIPAA Privacy Rule requires covered entities to obtain satisfactory written assurances that the BA will appropriately safeguard the PHI it receives.

Cloud-based AI scribes squarely meet this definition. A 2025 analysis from DMC Law spells it out: because AI scribes process PHI on behalf of providers, the vendor is a business associate and must sign and abide by a BAA, and because the PHI is electronic, the HIPAA Security Rule applies as well.

The stakes for getting this wrong are concrete. Paubox's HIPAA analysis cites a 2018 settlement in which Advanced Care Hospitalists, a Florida physician group, paid $500,000 after sharing PHI with a billing vendor without executing a BAA — a breach that exposed names, dates of birth, and Social Security numbers of more than 9,000 patients on a public website. The same exposure is possible with an unvetted AI scribe.

The proposed 2025 Security Rule update raises the bar

On January 6, 2025, HHS published a Notice of Proposed Rulemaking (NPRM) — the first major HIPAA Security Rule overhaul since 2003 — with direct implications for AI vendors. As Linford & Company's compliance guide explains, the NPRM proposes that business associates verify their technical safeguards at least once every 12 months, with documented certification from a subject-matter expert — a meaningful shift from today's self-attestation model. HHS has indicated a final rule could be published in summer 2026.

How the leading 2026 AI scribes compare on data handling

The comparison below pulls retention, BAA, and audio-handling details from each vendor's own documentation and from independent reviews.

| Tool | Where audio is processed | Recording retention | BAA available | Training data use |
|---|---|---|---|---|
| SimplePractice Note Taker | Cloud (Anthropic Claude) | Recordings deleted after transcription; transcripts ≤7 days. De-identified transcripts retained from June 16, 2026 for model improvement. | Yes | Will not sell PHI; de-identified transcripts used to improve Note Taker |
| Mentalyc | Cloud | Zero recording storage; SOC 2 Type II | Yes (HIPAA + PHIPA) | No PHI used for training |
| Upheal | Cloud | Encrypted at rest and in transit | Yes | Paid plans can opt out of LLM training |
| TheraPro | Cloud, with Zero Data Retention agreements with model providers | No session recordings kept (temporary buffer only) | Yes | No PHI used for training |
| Quill | Cloud — therapist dictates summary; no session recording | Does not store recordings, summaries, or generated notes | Yes | No data passed to train LLMs |
| Basil AI | 100% on-device (Apple Neural Engine) | Stored only on your device; you control deletion | Not required — no PHI leaves the device | None — audio never leaves your iPhone/Mac |

SimplePractice Note Taker: market leader, with a 2026 retention change worth reading

SimplePractice's Note Taker is built on Anthropic's Claude and integrates directly into the EHR. According to SimplePractice's own FAQ, starting June 16, 2026, a de-identified and de-coupled version of the transcript may be retained to support ongoing improvements to Note Taker and other AI tools, and clinicians can manage retention preferences at the clinician, client, or session level. SimplePractice states it will never sell PHI. Independent reviewers at Twofold Health note that SimplePractice deletes recordings immediately after transcription and retains transcripts for the shorter of 7 days or until the note is signed and locked.

Mentalyc, Upheal, TheraPro, Quill: the standalone scribes

Among the standalone tools, Mentalyc's 2026 ranking highlights its zero recording storage and SOC 2 Type II posture, with Alliance Genie™ for relational insights. Upheal is fully HIPAA compliant with encryption at rest and in transit and provides a BAA for every account. TheraPro requires its infrastructure and model partners to sign BAAs and maintains Zero Data Retention agreements with model providers; it creates only temporary audio buffers and does not keep session recordings. Quill takes the most conservative cloud approach — it doesn't record the session at all; the therapist dictates a summary afterward, and Quill doesn't store recordings, submitted summaries, or generated notes.

The audio-exposure problem nobody markets around

Every cloud-based scribe shares a structural property: at some point, your client's voice travels over the network. Even with encryption, BAAs, and zero-retention policies, the audio briefly exists in someone else's infrastructure. As Trussed AI's HIPAA guide puts it: AI transcription and note-generation tools carry high PHI exposure risk because every audio file and generated note is PHI.

That structural exposure is what NYU's Kellie Owens warned about in the NPR piece: regardless of what protections we have in place, that doesn't mean data can't be breached. Written consent forms alone, she added, may not be enough.

How on-device transcription changes the threat model

If audio never leaves the device, the vendor is not a business associate for that audio at all — there is nothing to breach on their end. This is not a marketing claim; it's a HIPAA-mechanical consequence. Apple's Speech framework has supported fully offline recognition since iOS 13.

The technical primitives: SFSpeechRecognizer and SpeechAnalyzer

Apple's requiresOnDeviceRecognition property is a Boolean that determines whether a recognition request must keep its audio data on the device. When set to true, audio is never sent over the network. supportsOnDeviceRecognition indicates whether the recognizer can operate without network access at all.
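
An added example (not from the original page and not Basil AI's code) of how an app can use these two properties to fail closed: it refuses to transcribe unless the recognizer supports on-device recognition, then marks the request as on-device only. `OnDeviceTranscriber` and its error type are hypothetical names; the sketch assumes speech-recognition authorization has already been granted and uses en-US as a default locale.

```swift
import Foundation
import Speech

enum OnDeviceTranscriptionError: Error {
    case notAuthorized, recognizerUnavailable
    case onDeviceUnsupported  // refuse instead of falling back to server recognition
}

// Hypothetical wrapper (added example): holds the recognizer and task so they
// stay alive until the final result arrives.
final class OnDeviceTranscriber {
    private let recognizer: SFSpeechRecognizer
    private var task: SFSpeechRecognitionTask?

    init(locale: Locale = Locale(identifier: "en-US")) throws {
        guard SFSpeechRecognizer.authorizationStatus() == .authorized else {
            throw OnDeviceTranscriptionError.notAuthorized
        }
        guard let recognizer = SFSpeechRecognizer(locale: locale), recognizer.isAvailable else {
            throw OnDeviceTranscriptionError.recognizerUnavailable
        }
        // supportsOnDeviceRecognition: can this recognizer run with no network access?
        guard recognizer.supportsOnDeviceRecognition else {
            throw OnDeviceTranscriptionError.onDeviceUnsupported
        }
        self.recognizer = recognizer
    }

    func transcribe(fileURL: URL, completion: @escaping (Result<String, Error>) -> Void) {
        let request = SFSpeechURLRecognitionRequest(url: fileURL)
        // requiresOnDeviceRecognition: this request's audio must stay on the device.
        request.requiresOnDeviceRecognition = true
        request.shouldReportPartialResults = false  // deliver only the final transcript

        task = recognizer.recognitionTask(with: request) { result, error in
            if let error = error {
                completion(.failure(error))
            } else if let result = result, result.isFinal {
                completion(.success(result.bestTranscription.formattedString))
            }
        }
    }
}
```

The ordering is what matters for a privacy review: the capability check happens before any audio is handed to the recognizer, and an unsupported locale or device produces an error rather than a silent switch to network recognition.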

With iOS 26, Apple introduced a more powerful successor. As Anton Gubarenko's SpeechAnalyzer guide documents, the new class is designed for performance, flexibility, and full offline operation, with a modular API for everything from dictation to custom model management — and includes a DictationTranscriber for natural, punctuation-aware dictation as well as a SpeechTranscriber for clean speech-to-text. This is the technical foundation that makes hour-long, fully offline therapy capture viable on consumer hardware.

A decision framework: which AI scribe fits your practice?

There is no single "best" — the answer depends on your tolerance for cloud audio exposure and your existing tech stack.

| Your priority | Best fit | Why |
|---|---|---|
| Already on SimplePractice EHR | SimplePractice Note Taker | Native workflow; just opt out of the post-June 16, 2026 transcript retention if you prefer |
| Deep clinical insights (alliance, golden thread) | Mentalyc | Therapy-first design with no recording storage |
| Don't want to record sessions at all | Quill | Dictate a summary after; nothing stored |
| Maximum audio privacy — nothing leaves the device | Basil AI | On-device Apple Speech; no vendor ever receives audio |
| Solo practice, mixed in-person/telehealth, sensitive caseload (trauma, custody, MAT) | Basil AI + dictated summary workflow | Eliminates BAA dependency for the audio entirely; still review/edit final note |

How Basil AI solves the therapy-scribe problem

Basil AI is built around a single architectural decision: audio is captured and transcribed entirely on the device using Apple's Speech framework. For clinicians, that has four practical consequences:

For a deeper technical view, see our walkthrough of how Basil processes audio locally in real time, and our breakdown of the therapy-session privacy crisis in more depth.

Consent still matters — even with on-device tools

On-device processing simplifies the conversation but does not eliminate it. State audio-recording laws (one-party vs. two-party consent) apply regardless of where transcription happens, and SimplePractice's own guidance recommends explicit consent for any recording-based AI system — including updated Notices of Privacy Practices, session-specific consent, and opt-out procedures that don't affect treatment access.

The substantive difference with on-device tools is that you can truthfully tell a client: "Nothing leaves my device. No third party hears this session. I can delete the recording with one tap." That's a materially different conversation than disclosing transmission to a cloud vendor's servers, even one with a BAA. For more on the consent landscape, see our prior coverage of how courts are treating recording capability and our analysis of the ambient-scribe consent lawsuits reshaping the market.

What to ask any AI scribe vendor before you sign

Whether you choose a cloud or on-device tool, the diligence questions are the same. Pull them from the NPRM, HHS BAA guidance, and the HIPAA Journal's AI guidance:

The bottom line

Cloud AI scribes are getting genuinely good. Mentalyc, Upheal, SimplePractice, TheraPro, and Quill each have a defensible HIPAA story and real clinical value. But all of them ask you to trust someone else with your client's voice — and as the NPR reporting and the proposed 2025 Security Rule update both make clear, the regulatory expectation is moving toward more scrutiny, not less.

On-device transcription is the only architecture that removes the audio-exposure problem at its root. For therapists whose caseload includes high-sensitivity content — trauma, custody, MAT, suicidality, public figures — that distinction may be the deciding factor in 2026.

Try Basil AI — Private Therapy Notes, On-Device

8-hour recording, Apple Neural Engine transcription, zero cloud upload. Designed for clinicians who can't afford an audio breach.


Frequently Asked Questions

Do I need a BAA to use an AI notetaker in my therapy practice?

Yes — if the vendor creates, receives, maintains, or transmits PHI on your behalf, HIPAA requires a signed Business Associate Agreement under 45 CFR 160.103. That includes ambient AI scribes like SimplePractice Note Taker, Mentalyc, and Upheal. A tool that processes audio entirely on your device and never transmits PHI to the vendor doesn't trigger BA status in the first place.

Which AI notetakers for therapists don't store session recordings?

Mentalyc, TheraPro, Berries, and Quill all advertise zero recording storage — audio is processed in real time and deleted. SimplePractice keeps transcripts for up to 7 days and, starting June 16, 2026, may retain de-identified transcripts to improve its AI. Basil AI never uploads audio at all because transcription happens on Apple's Neural Engine.

Is HIPAA compliance enough to protect therapy session data?

No. NYU medical ethics professor Kellie Owens told NPR that HIPAA compliance doesn't eliminate breach risk — many fully compliant systems still experience major breaches. For psychotherapy notes in particular, which receive heightened protection under HIPAA, the safest posture is to minimize where PHI travels rather than to rely solely on vendor safeguards and breach notification.

Can I use a general AI notetaker like Otter or Fireflies for therapy sessions?

No. General-purpose meeting transcription tools rarely sign BAAs and typically retain audio for model training. Under HHS guidance, any vendor that touches PHI without a BAA creates direct liability for your practice. In 2018, Advanced Care Hospitalists paid $500,000 to settle a HIPAA case partly because it shared PHI with a vendor without a BAA in place.

Does Apple's on-device speech recognition work for full therapy sessions?

Yes. Apple's Speech framework supports requiresOnDeviceRecognition, which guarantees audio never leaves the device. With iOS 26's new SpeechAnalyzer API, Apple added DictationTranscriber and SpeechTranscriber engines designed for fully offline, longer-form transcription. Basil AI uses these frameworks to support up to 8-hour continuous capture on iPhone and Mac without any network round-trip.

Do I still need patient consent if I use an on-device AI notetaker?

Yes. State audio-recording laws (one-party vs. two-party consent) apply regardless of where transcription happens, and the APA recommends documented informed consent for any AI documentation tool. On-device processing simplifies the consent conversation — you can truthfully tell clients that no recording leaves your device and no third party hears the session — but it does not eliminate the consent requirement.