Group therapy notes and HIPAA: when one session holds a dozen clients' PHI

Individual therapy sessions are already sensitive. A therapist recording a 50-minute individual session and uploading it to a cloud AI scribe is transmitting one person's protected health information to a third-party vendor. Most therapists who think carefully about this recognize the exposure — which is why the HIPAA-by-architecture argument for on-device note drafting resonates with private-practice clinicians who have stopped to read their scribe vendor's privacy policy.

Group therapy amplifies that exposure by an order of magnitude. A 90-minute group session with eight participants is not eight times a standard individual session. It is a single audio file in which eight different people's voices, names, diagnoses, and personal disclosures are interleaved in real time over an hour and a half. When that file is processed by a cloud AI scribe, every group member's protected health information goes to the vendor together, held in one recording, under one therapist's Business Associate Agreement, for whatever period the vendor's retention policy specifies.

This post examines the specific ways group therapy documentation differs from individual therapy under AI-scribe workflows, why the standard BAA framework is particularly strained in group settings, and why the architectural-privacy argument — the model runs here, the audio never leaves — is more defensible for group facilitators than for any other therapy context.

What one group session recording actually contains

Consider a standard outpatient process group: eight adults, weekly 90-minute sessions, mixed diagnoses, open membership. In a single session, the recording is likely to contain:

• Each member's voice, individually identifiable. Voice biometrics are considered biometric identifiers under HIPAA's definition of PHI, and each member's voice in the recording is associated with their name through the session context.
• Multiple members' mental health diagnoses, either stated explicitly ("I've been struggling with my depression this week") or revealed through the nature of their disclosures.
• Names of third parties mentioned in members' disclosures — family members, romantic partners, employers, coworkers — who are not parties to any consent or BAA relationship with the practice.
• Specific life events and circumstances: job situations, relationship conflicts, substance use, trauma disclosures, financial stress, housing instability. Group therapy's therapeutic mechanism is exactly this kind of peer disclosure, and the documentation value of the recording comes precisely from its specificity.
• Members' responses to each other's disclosures, creating a social graph of who heard what, who responded, and how — a layer of interpersonal context that goes beyond any individual's clinical record.

The therapist's note-taking task after this session is to produce per-member progress notes documenting each individual's participation, clinical status, and treatment trajectory. AI-assisted documentation is well-suited for this: a 90-minute group session produces far more note content than most facilitators can efficiently document manually. The efficiency argument for group AI documentation is, if anything, stronger than for individual sessions. The privacy argument cuts in the opposite direction for the same reason.

The multi-party subpoena problem

The subpoena risk for individual AI-scribed sessions is already meaningful, as the 2026 subpoena risk explainer covers in detail. For group sessions, the exposure is structurally different — and worse.

When one group member becomes involved in litigation where their therapy is relevant, their attorney can subpoena the cloud AI scribe vendor for recordings of sessions they attended. The vendor holds a recording of those sessions. That recording contains every other group member's voice and disclosures, regardless of those members' involvement in or awareness of the litigation.

The group facilitator's ability to assert privilege over the recording is complicated. Privilege in group therapy settings varies by state, and the traditional therapist-patient privilege was developed for individual relationships. Several states recognize group therapy privilege explicitly; others apply a functional analysis that depends on whether confidentiality was promised to the group and whether the presence of multiple patients destroys the privilege. The attorney for one member can argue that the recording — containing multiple participants' voices and disclosures — is not privileged in the same way an individual session recording would be.

Even in states where group therapy privilege is clearly recognized, the subpoena goes to the vendor, not the therapist. As the BAA explainer details, a Business Associate Agreement governs the vendor's HIPAA obligations — it does not constitute a privilege or bar to valid legal process. The vendor responds to the subpoena under the applicable state and federal law in their jurisdiction, not under the terms of their BAA with the therapist.

This creates a scenario that most group facilitators have not planned for: one member's legal situation exposes every other member's disclosures to discovery, mediated through a vendor the other members never knowingly consented to share their sessions with.

The consent gap in group AI-scribe documentation

Standard group therapy informed consent covers the confidentiality expectations of the group: members are typically asked to keep each other's disclosures confidential, and the facilitator is bound by HIPAA and their licensing board's ethical standards. This consent framework was designed for human note-taking — the understanding that the therapist would document the session in their own notes, which would be held in the practice's records under applicable privacy protections.

The addition of an AI scribe fundamentally changes the data custody structure. When a cloud AI scribe processes the group session, each member's voice and disclosures are transmitted to a third-party vendor, stored on that vendor's infrastructure, and potentially accessible to that vendor's staff for quality assurance, model training (unless opted out), and any number of other operational purposes the vendor's privacy policy permits. Most group therapy consent forms do not disclose this, because most group therapy consent forms predate the AI scribe category.

This is a clinical ethics gap as much as a compliance gap. Informed consent in group therapy has always required members to understand who will hear their disclosures. The traditional answer is: the other members and the facilitator. The AI-scribe answer adds: and a cloud vendor's infrastructure, for however long their retention policy specifies.

Practitioners who are building robust consent processes for AI-assisted group documentation need to disclose the vendor identity, the fact of audio transmission, the general retention policy, and the legal implications. Practices using on-device documentation have a materially simpler disclosure: session audio is processed by software on the therapist's Mac and does not leave the practice.

The data-flow reality for cloud group note generation

For context on what cloud AI scribes actually receive and retain, the category-by-category breakdown in the cloud scribe data-flow explainer is worth reviewing. For group sessions specifically, the inputs are the same as for individual sessions — audio file or live recording stream uploaded to the vendor — but the content density is categorically different.

A standard cloud scribe workflow for group documentation:

1. The therapist uploads the group session audio (or streams it live) to the vendor's API endpoint.
2. The vendor's speech-to-text model produces a full verbatim transcript of all speakers for the full session duration.
3. Speaker diarization identifies which voice segment belongs to which speaker, attributing disclosures to individual group members.
4. The vendor's language model processes the attributed transcript to produce per-member notes.
5. Both the audio and the intermediate transcript are retained by the vendor for a period specified in their privacy policy — typically 30 to 90 days, sometimes longer for certain account types.

At step 4, the vendor's infrastructure holds: the full group audio, the full verbatim transcript with speaker attribution, and the per-member note drafts. The audio retention at step 5 means that every group member's voice, linked to their name and their disclosures, is on the vendor's servers for weeks or months after every session.

On-device group documentation: the architectural argument

The architectural-privacy argument for individual sessions is straightforward: the model runs locally, the audio never leaves, there is no cloud copy to subpoena or breach. For group sessions, the same argument holds — and the stakes are proportionally higher because of the multi-party PHI concentration.

With TherapyDraft's on-device workflow for group sessions, the session audio is processed entirely on the therapist's Mac. Whisper.cpp handles speaker diarization and transcription locally — Apple Silicon handles a 90-minute group session in under 10 minutes on an M2 or later. The local language model drafts per-member notes from the local transcript. Nothing in this workflow leaves the therapist's device.

The implications for each of the risks described above:

• Multi-party subpoena exposure is eliminated at the vendor layer. There is no cloud vendor holding the recording. A subpoena to "the AI scribe vendor" cannot produce any records because no external vendor holds any. The therapist's own records — the EHR notes and any locally retained audio — remain subject to the usual therapist-patient privilege analysis, but that analysis happens in the same legal context as any other therapy record, not in the context of a commercial vendor's infrastructure in a potentially different jurisdiction.
• Multi-member PHI concentration does not reach external systems. All eight group members' voices, names, and disclosures remain on the therapist's device. The exposure surface for a breach is the therapist's Mac — which is already in scope for practice security — not a vendor's cloud infrastructure.
• Consent disclosure is materially simpler. Group consent forms can accurately state that AI-assisted documentation uses software running on the practice's own hardware and that session audio is not transmitted to or stored by any third-party vendor. This is an accurate, verifiable, and defensible disclosure.
• Per-member notes can be reviewed before any data leaves the device. Because drafting happens locally, the therapist can review all per-member notes, redact any cross-member identifying content where appropriate, and finalize documentation before anything is pasted into the EHR — without any of the session content having resided on a third-party server.

Group billing and the Group plan

Group therapy practices typically involve multiple clinicians — a primary facilitator, a co-facilitator, and in supervision settings, supervisee clinicians running their own groups under a supervisor's review. The documentation burden compounds: a group practice running ten groups per week across five clinicians has 50 group sessions per week to document, potentially involving hundreds of individual client records per documentation cycle.

TherapyDraft's Group plan ($29/seat/month for three or more seats) is designed for exactly this setting. Each clinician runs the app on their own Mac — the audio from their group sessions is processed on their device, not a shared cloud server. The practice gets the documentation efficiency of AI-assisted note drafting at every seat, and each clinician's group session audio stays on their own hardware.

For practices with a supervisor reviewing per-member notes across multiple group facilitators, the per-clinician data isolation is also an advantage: the supervisor sees the finalized notes that facilitators choose to share, not unredacted session audio or intermediate transcripts. The information that leaves each device is what the facilitator intentionally shares — not the raw session content the AI processed to get there.

Further reading

• The 7 things Mentalyc, Upheal, and Blueprint actually send to their servers — a category-by-category breakdown of cloud scribe data flows, including audio retention and subprocessor chains
• Can an AI therapy note be subpoenaed? A 2026 legal-risk explainer — how subpoenas reach cloud AI vendors and what a BAA cannot prevent
• What is a BAA, actually — and what it does NOT cover — the limits of a Business Associate Agreement as a privacy instrument
• Can your couples therapy notes be subpoenaed in a divorce? — another multi-party documentation scenario where cloud vendor custody creates material legal risk
• HIPAA for private-practice therapists — the 2026 rewrite — the full compliance posture for solo and small-group practice including AI documentation tools

This post is educational commentary, not legal or clinical advice. HIPAA regulations, state privacy laws, group therapy privilege rules, and subpoena procedures vary by jurisdiction. The legal status of group therapy recordings under subpoena, and whether group therapy privilege applies to AI-scribe vendor records, depends on the laws of the applicable state and the jurisdiction of any legal proceeding. Consult a licensed healthcare attorney for guidance specific to your practice, client population, and jurisdiction.