Who actually receives the subpoena when an AI scribe holds the records?

Whoever is the custodian of the data receives it. If session audio, transcript, or notes are stored on a cloud AI-scribe vendor, the vendor is a custodian of those records and can be served directly under FRCP 45. Your practice may be served separately for its own files. A subpoena to the vendor is not a subpoena to you, and depending on the Business Associate Agreement, you may not be notified before the vendor responds.

Does psychotherapist-patient privilege automatically protect AI-generated records?

Not automatically. Privilege must be asserted on behalf of the patient, usually by motion to quash or a privilege log. A third-party vendor that is served has a duty to respond; privilege is typically not the vendor's privilege to assert. Records can end up produced before the patient or treating clinician has had a chance to raise the privilege question. That is the structural risk that moves with custody.

Does on-device storage make my notes un-subpoenable?

No. Records on your device can still be subpoenaed. What changes is who holds them. When you are the custodian, the subpoena comes to you or your counsel. You are the one who can assert privilege on behalf of the patient, negotiate scope with opposing counsel, or move to quash before producing anything. Privilege analysis happens before disclosure rather than after.

What should a solo private-practice therapist do about this risk today?

Read the BAA and subpoena-notification clause of every vendor holding any part of a session (scribe, EHR, backup, transcription). Know where each piece of data sits at rest. Prefer vendors that contractually notify you before responding to a non-government-entity subpoena. For session audio specifically, prefer architectures where you remain the custodian — the legal analysis is cleaner when the record never leaves your control.

Blog · HIPAA · 2026-04-25

Can an AI therapy note be subpoenaed? A 2026 legal-risk explainer

Q: Can an AI therapy note be subpoenaed?

Yes. A therapy note is a record, and records — wherever they live — are reachable through a properly issued subpoena, court order, or discovery request. HIPAA permits these disclosures under 45 CFR §164.512(e). Psychotherapist-patient privilege, recognized in federal court since Jaffee v. Redmond (1996) and varying by state, can block or narrow what must be produced, but privilege is asserted at the moment of response — it does not put the record out of legal reach in advance.

Short answer: yes, and the interesting question is not whether — it's who holds the record when the subpoena lands, and whether you find out in time to assert privilege. The 2024–2026 plaintiff-side discovery landscape has changed what "therapy record" means, and AI scribes sit on the wrong side of the new custody question for most clinicians.

TL;DR

Therapy notes — AI-generated or handwritten, cloud-stored or local — are discoverable in civil and criminal proceedings under the same rules that have always applied to clinical records. What has changed in 2026 is where those records physically live. When session audio, transcripts, and draft notes are held by a cloud AI-scribe vendor, that vendor becomes a third-party custodian who can be served directly, respond on its own timeline, and — depending on your BAA — produce records before you or your patient knows a subpoena issued. Psychotherapist-patient privilege still applies, but privilege is asserted, not automatic. The privilege analysis works much better when the clinician is the custodian of the record.

→ Run the five-question check: BAA Coverage Gap Quiz — maps your current scribe's custody and notification posture against the five categories from our prior BAA explainer.

A scenario a clinician should be able to answer in one sentence

A former client of your practice is going through a contested divorce. Opposing counsel serves a subpoena for "all mental-health treatment records, including but not limited to session recordings, transcripts, and automated or AI-generated clinical notes, from any person or entity in custody of such records between March 2024 and the present." The subpoena names your practice. It also names your AI-scribe vendor, your cloud EHR, and the cloud-backup service your practice uses.

Four different organizations have now received the same legal instrument. Each one is under its own clock. Each one will respond according to its own policies and its own contractual obligations. One of them is you.

Who produces records first? Who asserts privilege? Who calls your lawyer? Who calls the client? This post is about why the honest answer to those questions depends less on what your AI scribe says in its marketing copy and more on where the records physically sit at the moment the subpoena is served.

The legal mechanics in one section

A therapy record can come into the possession of a court or opposing counsel through several overlapping mechanisms. The three that matter in 2026 are:

Federal civil discovery under FRCP 45. A party to a federal civil case can serve a subpoena on any person or entity believed to hold responsive documents. The subpoena commands production of specific records, often with a very short response window. A subpoena to a non-party (like your AI scribe vendor) is served independently of any subpoena to your practice.
State civil discovery. Every state has its own equivalent of FRCP 45. Family-law and personal-injury matters are the dominant drivers of mental-health-record subpoenas in 2024–2026 plaintiff-side practice. The mechanics are similar; the scope of permissible discovery varies.
Grand jury and criminal process. State and federal prosecutors can subpoena records in the course of investigations. These typically have non-disclosure conditions attached, meaning the vendor receiving the subpoena may be legally prohibited from telling you it was served at all.

HIPAA permits disclosure of PHI in response to these instruments under 45 CFR §164.512(e) — provided the requesting party has either given satisfactory assurance that reasonable notice has gone to the affected individual, or obtained a qualified protective order. The rule permits disclosure; it does not require the recipient of the subpoena to fight the subpoena on the patient's behalf. A vendor that chooses compliance over litigation will produce what is responsive. That is a legal choice they are allowed to make, and many vendors make it routinely.

The custody question: who gets served

The single most consequential fact in subpoena analysis is who the custodian of record is. A subpoena follows the record. When an AI scribe holds session audio and generated transcripts on its own servers (or on the servers of its upstream subprocessors), the scribe vendor is a custodian. Opposing counsel who knows the tool is being used can name the vendor directly in a records subpoena — and in 2025–2026 practice, experienced civil-discovery practitioners have learned to ask the clinician's custodian-of-records declaration exactly that: "What AI tools were used in the preparation of these notes, and where are the underlying recordings held?"

When you are the only custodian — because the audio, transcript, and draft never left your machine — the subpoena for those records has one and only one destination: your practice. This matters for three reasons:

You get the notice. The subpoena lands in your inbox or at your registered agent's address. You know it issued. You know what it asks for. You have the full response window.
Your counsel, not the vendor's, drives the response. Your attorney reviews the scope, asserts privilege on the patient's behalf where appropriate, negotiates with opposing counsel, and moves to quash if the request is overbroad. The vendor is not in that loop because there is no vendor.
Privilege review happens before production. Psychotherapist-patient privilege gets asserted, documented, and — where contested — adjudicated before any record leaves your office. Vendors served with a subpoena do not typically stage a privilege fight for somebody else's patient; they produce, log, and move on.

The notification question: when do you find out

Every major cloud AI scribe in 2026 has a BAA that addresses government and legal-process requests, and every BAA is slightly different. Some notify the covered entity (your practice) before responding. Some promise "reasonable efforts" to notify. Some carve out specific exceptions for subpoenas served directly on the vendor. Some defer to the jurisdiction's non-disclosure rules when the requesting party is a criminal investigator or grand jury.

The common pattern we see in publicly available vendor BAAs as of early 2026:

Civil subpoenas: vendor will "use reasonable efforts" or "commercially reasonable efforts" to notify, before a specified deadline in the subpoena. Non-binding; varies by vendor.
Court orders: vendor will typically notify unless the order prohibits it.
Grand jury and criminal subpoenas: vendor typically does not notify. Non-disclosure provisions attached to the process often legally bar them from notifying.
National security letters and their equivalents: almost never notified.

A "reasonable efforts" notification is not a guarantee of notice, and notice after the fact is not useful for asserting privilege. If you learn on Wednesday that your vendor produced records on Monday, the assertion opportunity has passed. The production is already in opposing counsel's possession. A motion to claw back is harder to win than a timely motion to quash.

This is not a failure of the vendors. They are operating within the legal rules that apply to them. It is, however, a structural feature of the cloud-custody arrangement that clinicians often do not fully internalize when they sign up.

Psychotherapist-patient privilege is the backstop — and it is asserted, not automatic

The Supreme Court recognized a federal psychotherapist-patient privilege in Jaffee v. Redmond, 518 U.S. 1 (1996). State-level privileges predate Jaffee and are codified in most state evidence codes. The privilege is the patient's, not the therapist's, and it protects confidential communications made during the course of diagnosis or treatment.

In practice, privilege blocks a subpoena's reach when three things happen in order:

Someone with standing (the patient, or the treating clinician acting on their behalf) asserts the privilege, typically by motion to quash or by producing a privilege log rather than the documents.
The court evaluates whether the privilege applies to the specific materials and whether any exceptions (patient-litigant exception, threat-of-harm, mandatory reporting) strip it.
The court orders production, partial production, or quashes the subpoena.

Step one is where custody matters. When the clinician is the custodian, step one happens reflexively — most therapists do not produce records in response to a subpoena without first calling an attorney, and most attorneys in this space file privilege objections as a matter of course. When a third-party vendor is the custodian, step one does not happen automatically. The vendor is not the patient's advocate. The vendor's own counsel is weighing the vendor's exposure, not the patient's privilege. Privilege that is not asserted is effectively waived for the purpose of that subpoena's production.

The 2024–2026 pattern: why AI records specifically

Three shifts in civil-discovery practice over the last three years have made AI scribe records a more attractive discovery target than handwritten progress notes were in the past:

Richer records. An AI-generated note is often based on a full verbatim transcript of a session. Opposing counsel seeking to attack a clinician's opinion, impeach a patient's testimony, or establish a timeline now has raw speech-level material to work with instead of a clinician's summary. That is a more useful artifact in a trial strategy.
Targetable custody. When records are held by a small number of well-known vendors, discovery is operationally simpler. A single subpoena to Mentalyc, Upheal, Blueprint, or Supanote can reach hundreds of clinicians' records. Opposing counsel in 2024–2026 routinely asks in interrogatories which AI tools a clinician used; the answer tells them exactly where to subpoena next.
Discovery of inference artifacts, not just outputs. Some 2025 opinions have signaled that prompt logs, model-input caches, and vendor-side quality-review queues are themselves discoverable, not merely the final notes the clinician received. That expands the surface of what a subpoena can ask for, and it sits on the vendor's side, not yours.

None of these are hypothetical. They are the normal mechanics of modern civil practice applied to a record type that is new in clinical workflows. The plaintiff-side bar is good at its job; AI-generated records are discoverable material and they are being discovered.

What changes when the record lives on your Mac

On-device architecture does not make a therapy note un-subpoenable. It makes you the custodian of the record. That is a narrower and more honest claim than "unsubpoenable," and it is the claim that matters for privilege mechanics.

When the audio, transcript, and draft never leave the clinician's laptop — enforced at the macOS entitlement level rather than promised in marketing copy — the subpoena pattern simplifies:

There is no third-party vendor to subpoena for the session audio, transcript, or AI-generated draft, because no third party holds them.
Every subpoena that can reach these records has to reach you. You receive the instrument, your counsel reviews it, your patient's privilege gets asserted on the normal timeline.
You remain the clinician, not a non-party to litigation with a separate set of obligations. Your obligations are the ones you already understand and have counsel for.
Grand-jury non-disclosure provisions, when they apply, bind you directly — you are aware of the process and its constraints instead of being downstream of a vendor under a gag order.

The architectural move does not eliminate legal risk. It collapses a two-custodian problem into a one-custodian problem, and it moves the privilege-assertion opportunity back into the hands of the person the privilege is designed to protect. That is the load-bearing benefit.

This is the design philosophy behind TherapyDraft. The audio never opens a network socket. The transcript stays on-disk in your user-scoped Application Support directory. The draft note is generated by a local 14-billion-parameter model that runs on the M-series chip you already own. Every inference is hash-logged to a tamper-evident JSONL file, so the clinician can show a court exactly what the tool did — another benefit that moves with custody. The specifics are on the privacy page, the architectural argument is on HIPAA AI SOAP notes — no BAA required, and a same-price competitor comparison is on Supanote alternative — same price, different trust model.

An honest close

"Can an AI therapy note be subpoenaed?" is the wrong question to build a practice policy around. The useful question is: when the subpoena arrives, who is the custodian, who decides what to produce, and who gets the notice in time to assert privilege? The answer depends entirely on where the records physically live and on the contract that governs the custody relationship.

A cloud AI scribe is a legitimate tool. A signed BAA, a "reasonable efforts" notification clause, and a vendor that takes privilege seriously are all real protections. They are not the same protection as being the only custodian of a record that never left your office. Clinicians should understand the difference, not because one is marketing-copy-good and the other is marketing-copy-bad, but because the mechanical legal analysis is genuinely different in the two cases.

Read your BAA's subpoena-notification clause. Know who the custodians of your session records actually are. Ask your attorney how your current arrangement would play out against a specific hypothetical — a family-law subpoena, a grand jury subpoena, a plaintiff-side discovery request in a malpractice matter. If the answer involves a lot of "we'd find out when the vendor told us," that is information worth having.

And if the answer you prefer is "the record never left the office, the subpoena comes to me, privilege gets asserted on day one," that is an answer architecture can actually give you.

The five-question gap check

Our BAA Coverage Gap Quiz maps your current scribe's custody and notification posture to the risks in this post. Five questions, sixty seconds, no account required. The quiz runs entirely in your browser — nothing is sent to us. Clinicians and therapy bloggers can embed it on their own site.

Run the BAA Coverage Gap Quiz

Try TherapyDraft

The private beta is free for 10 sessions — no credit card, no upload. Install the signed .dmg, grant microphone access, draft your first note on the laptop that already holds your calendar and your EHR login. If the draft quality or the workflow doesn't improve on your current setup, uninstall. Nothing was ever shipped anywhere to retrieve.

Join the private beta

This post is general information about subpoena and discovery mechanics as they apply to AI-generated therapy records in 2026. It is not legal advice. Civil-discovery rules, state-level privilege statutes, and BAA clauses vary materially; for a review tied to your specific practice, consult an attorney experienced in HIPAA and professional-licensure matters.