All posts

What happens to your clients words? The importance of EHR privacy

By
Ted Faneuff
May 15, 2026
4
min read
What happens to your clients words? The importance of EHR privacy
Outline
This is also a heading but really long so
This is also a heading but really long so
This is a heading

I still remember the day vividly.

It was middle of the weekend, my kids were home, playing, just in sight.

And I was hunched over my dining room table, staring at a stack of session notes and a computer screen that seemed to mock my exhaustion.

My eyes burned, a fog clouded my memory of each session, and that familiar weight of overwhelm settled in my chest. Most agonizingly, I was missing out on precious time with my children.

That was my breaking point. I literally collapsed forward onto my dining room table, forehead hitting the keyboard, and thought: "There has to be a better way."

When I started looking for AI tools to help with documentation, the time-saving case was obvious. But the more I looked, the more a second question kept surfacing. Not just "how do I finish my notes faster?" but "what happens to my clients' words while all of this is happening?" That question led me somewhere I hadn't expected.

Client privacy is more important than administrative simplicity

As therapists, our clients entrust us with their deepest struggles. Every conversation is profoundly private, and how we handle that information extends beyond merely adhering to HIPAA rules.

As I have compared AI documentation tools, I discovered how different platforms handle your client conversations in very different ways — and some, in very alarming ways.

Let’s break down what a few key differences in approach.

Deleting session data, or storing it

Healthcare records are especially susceptible to hacking, and providers are accountable for ensuring their security. Recent years have seen more than 600 incidents of healthcare records getting leaked.

All that to say: therapists should really be thoughtful when choosing AI tools, considering what information is being stored, and assuming it could be vulnerable to a data breach.

Some platforms store session recordings on their servers by default, retaining them unless you actively delete them. Upheal gives you a different option. You can use Upheal's scribing features without storing any session data at all — and if you do store data, you can delete it immediately.

Asking permission first, or opting in by default

Platforms like Upheal never use your client data to train their AI unless you and your client specifically agree. Our AI assists with notes but doesn't learn from your conversations for broader AI training or to train a therapist replacement.

Other platforms, including SimplePractice, use session transcripts to improve their AI by default. Clients can turn this off, but they have to actively find and change that setting. These platforms assume consent unless told otherwise. Upheal operates the other way around: nothing trains until both you and your client have actively agreed.

The hidden cost of convenience: what therapists risk

Many platforms advertise HIPAA compliance. What many therapists don't realize is that HIPAA compliance doesn't prevent a platform from using your session recordings to train AI unless you explicitly opt out.

That means your client's story could shape how another therapist's AI behaves.

Most therapists I've spoken with assumed HIPAA protections meant their transcripts weren't being used this way. In reality, many platforms use de-identified session data for model training by default. Your client's words may already be contributing to someone else's AI without your explicit awareness. And once that data is used, there's no undoing it.

Imagine a client asking: "What happens to our recordings?" Would you be 100% confident in your answer?

“Alongside tracking patient progress, Upheal maintains rigorous privacy standards, making it an invaluable tool for modern professionals.”  – Gino C., LPC.

Getting AI to help deliver care both efficiently and securely

For many clinicians who are (rightfully) wary of AI, the decision to adopt it can feel like choosing between saving time and upholding your ethics.

However, with the deep experience I’ve gained in AI and behavioral health tech, I can confidently say that you can strike a balance between efficiency and ethics by choosing the right tool. You deserve access to modern technology, without compromising your professional standards.

What changed my practice wasn't just AI transcription. AI doesn’t understand, it is trained. Upheal tracks patterns across my sessions that I wouldn't have noticed on my own: the talk-to-listen ratio with different clients, shifts in emotional tone over time, topics that keep surfacing, patterns in how a client presents week to week. These aren't just interesting data points. These are things that I already think about, AI just made it easier to track

With my old manual note-taking, I was spending three to four hours every evening writing up sessions. AI transcription cut into that. But, AI able to track these longitudinal changes in the client and bring awareness to that in documentation, that changed the work itself

And critically, all of this analysis happens without my client data being used to train AI for other therapists.

The bigger picture: building a sustainable profession

That day when I collapsed at my dining room table wasn't just about time management; it was about figuring out how to be a therapist without burning out from paperwork.

But there's another question: How do we use helpful technology while still maintaining the trust that makes therapy work?

The AI tools we choose today will shape how our profession develops. Platforms that prioritize convenience over client privacy might save time in the short run could create serious ethical problems down the road. Privacy-first approaches might require a bit more thought upfront, but they protect what makes therapy special: the unique trust between therapist and client.

Technology should enhance our ability to be present with our clients, not create new anxieties about privacy. When companies that built tools that understood this — that efficiency without ethics isn't really efficiency at all — everything improved in my practice

Ultimately, your choice of EHR is a choice about the kind of practice you want to run. The right platform should feel like a natural extension of how you work. More importantly, it should be something you can stand behind when a client asks how their information is being used.

Share this post
Ted Faneuff
Ted Faneuff
LISW, LMSW, LCSW
,
Upheal
Ted is a licensed clinical social worker with 13+ years specializing in anxiety, depression, and OCD. Beck Institute-trained, he leads clinical operations for Upheal.

More blog posts

How DBT helps teens living with BPD
Kat Heidelberger
4
min read

How DBT helps teens living with BPD

Read one therapist's lessons from the field of treating borderline personality disorder using DBT.

Read post
Top 6 HIPAA Compliant Scheduling Software for Private Practices in 2026
Upheal
8
min read

Top 6 HIPAA Compliant Scheduling Software for Private Practices in 2026

HIPAA compliant scheduling software needs to do more than book appointments. It must protect client privacy, reduce administrative burden, and support sustainable practice growth. This article breaks down what HIPAA-compliant scheduling really means for private therapy practices, how to evaluate scheduling tools beyond basic compliance, and how leading platforms compare.

Read post
The case for “gentle challenge”: Why AI fails at core therapeutic skills
Kat Heidelberger
7
min read

The case for “gentle challenge”: Why AI fails at core therapeutic skills

AI chatbots are designed to be easy and frictionless, but real mental health care is — and should be — challenging.

Read post
Discover more