HIPAA-Safe AI Therapy Notes: SOAP & DAP Workflows
Practical guide for clinicians to trial HIPAA-safe AI therapy notes: de-identification, SOAP/DAP prompts, safe testing, vendor vetting, and upgrade criteria.
Read moreCopy-ready consent language and guardrails for AI intake and scheduling: disclosures, boundaries, and escalation rules that protect patients and clinicians.
You can use AI intake safely if you give clear notice, obtain consent where needed, and set boundaries on what the assistant can and cannot do. Pair concise disclosures with escalation rules and a human backup. Below are starter templates and guardrails you can adapt for your practice. For HIPAA-aligned intake and scheduling, see PsyFi Assistant.
This post is part of our complete guide to HIPAA-Compliant AI for Behavioral Health Practices.
“We use an AI assistant to help with scheduling and intake. Your information is encrypted and may be reviewed by our staff before appointments are confirmed. Do not use this channel for emergencies—call 911 or your local emergency number. You can ask for a human at any time.”
Add specifics:
Emergency disclaimer (site footer / first message):
“This channel is not for emergencies. If you’re in crisis, call 911 or your local emergency number.”
Opt-out prompt:
“If you’d prefer a human, reply ‘HUMAN’ and we’ll take over.”
Reschedule confirmation:
“We can move your appointment. Here are the next available times: [link]. If none work, reply and our team will help.”
Insurance not accepted:
“We may be out of network for your plan. Our team will review and follow up.”
Minor/guardian:
“If this request is for a minor, please have a parent or legal guardian contact us to complete scheduling.”
PsyFi Assistant provides HIPAA-aligned intake and scheduling with:
Explore: PsyFi Assistant, PsyFiGPT, and PsyFi Reports (psychological evaluation and assessment reports).
Do I need explicit consent for SMS?
Yes. Collect SMS consent and keep reminders minimal on PHI; include time zone and a human fallback.
Can I let AI handle medication or diagnosis questions?
No. Redirect to a clinician. Keep intake to scheduling, eligibility, and logistics.
How should I handle minors?
Require guardian consent and avoid storing sensitive minor disclosures in long-lived transcripts.
What if patients refuse AI?
Provide a human option without penalty. Note preferences in their record to avoid re-prompting.
How often should I review scripts?
Quarterly, or after any incident. Run test transcripts through your crisis and escalation filters.