Legal & Compliance

The HIPAA minimum necessary standard and cloud AI scribes: five proceedings that probe whether capturing the full session satisfies 45 C.F.R. § 164.502(b)

Every cloud AI scribe accumulates a vendor-held archive of session audio, AI-generated transcript, and draft notes — far more PHI than the finished clinical note. Five adversarial proceedings examine whether that excess retention satisfies HIPAA's minimum necessary standard, each from a different direction, each able to impose consequences on the covered entity independent of the others.

TherapyDraft · 2026-07-03 · 2,850 words

The HIPAA minimum necessary standard is one of those provisions that therapists learn in ethics training and then largely set aside. For everyday treatment disclosures — sharing a summary note with a referring physician, disclosing records in response to a valid authorization — the rule operates in the background, and covered entities rarely face adversarial proceedings over whether they disclosed the right amount. But the minimum necessary standard has particular force when a covered entity discloses PHI to a business associate, and using a cloud AI scribe is, at its core, a series of disclosures of PHI to a business associate for the purpose of generating a clinical note.

The question HIPAA poses — and no HHS OCR guidance has answered definitively for the cloud AI scribe context — is whether disclosing complete session audio, the real-time AI-generated transcript, and multiple draft note iterations to a cloud vendor is the minimum PHI necessary to accomplish the note-generation purpose, or whether the finished note alone would have been sufficient. The practical significance of that unanswered question becomes visible when five adversarial proceedings each examine it from their own angle: an OCR post-breach investigation, a client HIPAA complaint, state attorney general enforcement, a BAA indemnity dispute, and professional negligence civil litigation. None of those five proceedings requires the others to resolve first. All five can run concurrently, and the covered entity's exposure in each is a function of the same underlying fact — the existence of a vendor-held archive containing more PHI than the documentation purpose required.

The legal framework: minimum necessary and the business associate relationship

45 C.F.R. § 164.502(b)(1) provides that a covered entity must make reasonable efforts to use and disclose only the minimum amount of protected health information necessary to accomplish the intended purpose of the use or disclosure. The minimum necessary standard contains a critical carve-out: it does not apply to disclosures to a healthcare provider for treatment purposes. That carve-out means the standard is not triggered when a therapist sends a treatment summary to a referring physician. But the carve-out does not extend to business associates. Under 45 C.F.R. § 164.514(d)(3), when a covered entity discloses PHI to a business associate, the covered entity must make reasonable efforts to limit the PHI disclosed to the BA to the minimum necessary to accomplish the purpose for which the disclosure is made.

A cloud AI scribe vendor is a business associate. The therapist discloses PHI to the vendor — session audio, whether as a recording, as a live audio stream, or as real-time audio captured by the vendor's application — and the vendor processes it to generate a clinical note. Three layers of PHI accumulate in the vendor's archive during that process: the original session audio (the verbatim record of everything said during the session, including client disclosures, therapist interpretations, and incidental conversation); the AI-generated transcript (the text form of the same verbatim session, searchable and indexable in a way that raw audio is not); and the draft note or sequence of note drafts generated during the session before the clinician finalizes the note. Each layer is PHI. The question the minimum necessary standard asks is whether all three layers are minimally necessary to generate the finished clinical note — or whether, for example, only the audio necessary to generate the transcript, or only the transcript necessary to generate the note, would have satisfied the documentation purpose without accumulating a vendor archive of everything said in the session.

HHS OCR's 2003 Minimum Necessary guidance applied a reasonableness standard: covered entities are not required to engage in a case-by-case analysis of each disclosure, but must implement policies and procedures to reasonably limit disclosures to BAs to the minimum necessary. OCR has not updated that guidance to address cloud AI scribes specifically. In the absence of targeted guidance, five adversarial proceedings have developed their own answers — and the reasonableness of capturing everything for a note-generation purpose has fared differently in each.

Proceeding 1: HHS OCR investigation triggered by a cloud AI scribe vendor breach

When a cloud AI scribe vendor suffers a breach and reports it to HHS under 45 C.F.R. § 164.410, OCR's post-breach investigation examines both the BA's security controls and the covered entity's compliance with the minimum necessary standard. The two inquiries are independent. A covered entity whose BA suffers a breach can face OCR penalties for its own pre-breach compliance failures — including disclosing more PHI to the BA than minimum necessary permitted — even if the covered entity itself was not the breaching party.

The OCR post-breach investigation asks the covered entity to produce its BAA with the vendor, its policies and procedures for minimum necessary compliance, and documentation of what PHI the vendor was authorized to receive and retain. The investigation can reveal that the covered entity's BAA with the cloud AI scribe vendor authorized the vendor to retain session audio indefinitely — or for a retention period (two, three, or five years) far exceeding the period necessary to generate the clinical note. If the vendor's data processing practices, disclosed during the OCR investigation, show that the vendor retained session audio after the note was finalized and returned to the clinician, OCR must evaluate whether the covered entity's disclosure practices — accepting a BAA that permitted indefinite retention of session audio for a note-generation purpose — satisfied the minimum necessary standard under § 164.514(d)(3).

HIPAA's civil money penalty tiers (45 C.F.R. § 160.404) apply per violation: $137 to $68,928 per violation depending on the level of culpability, with an annual cap of $2,067,813 per violation category. A minimum necessary violation assessed per client session — where the covered entity disclosed session audio that was not minimally necessary, for each of thousands of client sessions over a multi-year cloud AI scribe contract — generates aggregate exposure that is material independent of anything the vendor did wrong. The OCR investigation of the vendor breach becomes an OCR investigation of the covered entity's disclosure practices, and the covered entity cannot rely on its BAA or the vendor's security certifications to satisfy minimum necessary — the covered entity owns the disclosure decision.

Proceeding 2: client HIPAA complaint following breach disclosure notification

When a cloud AI scribe vendor breach triggers the covered entity's breach notification obligation under 45 C.F.R. § 164.404, the notification informs affected clients that their PHI was involved in a breach at a vendor the therapist used for note generation. Many clients receiving that notification learn for the first time that their therapist used a cloud AI scribe, and most learn for the first time that the vendor held session audio and a verbatim transcript of their sessions. For some clients, particularly those in therapy for sensitive matters — trauma, substance use disorder, personality disorder, suicidality — the discovery that their session audio was held in a vendor archive creates a direct motivation to file a HIPAA complaint with OCR.

An HHS OCR HIPAA complaint investigation requires the covered entity to respond to OCR's request for information within a specified period. The complaint investigation examining a minimum necessary allegation follows the same pathway as a post-breach minimum necessary investigation but originates from the client's complaint rather than the breach report. OCR processes HIPAA complaints through informal resolution — where the covered entity agrees to implement corrective actions voluntarily — or through a formal investigation that can result in a Resolution Agreement and corrective action plan. A covered entity that cannot demonstrate that its disclosure of session audio to the cloud AI scribe vendor was minimally necessary for the note-generation purpose — for example, because the BAA authorized the vendor to retain audio for purposes beyond note generation (model training, product improvement, analytics) — faces a corrective action plan that may require the covered entity to change its documentation practices, terminate the cloud AI scribe contract, or both.

The client complaint pathway is particularly significant because the covered entity's breach notification is the trigger. A covered entity that uses a cloud AI scribe without disclosing that fact to clients in its Notice of Privacy Practices — or without ensuring that the NPP's description of how PHI is used for treatment and healthcare operations encompasses disclosure of session audio to a cloud vendor — may face simultaneous OCR complaints for minimum necessary violations and NPP deficiencies, both arising from the same breach notification. The limits of what a BAA actually covers are most visible when a client who signed an NPP discovers that the NPP did not disclose the vendor archive their session audio was held in.

Proceeding 3: state attorney general enforcement under state health privacy laws

California's Confidentiality of Medical Information Act (CMIA, Cal. Health & Safety Code §§ 56.10–56.37), Illinois's Mental Health and Developmental Disabilities Confidentiality Act (MHDDCA, 740 Ill. Comp. Stat. 110/1 et seq.), and New York's Mental Hygiene Law § 33.13 each restrict disclosure of mental health information to what is necessary for the authorized purpose. These state laws predate HIPAA and are not preempted by it — they operate as independent enforcement regimes with their own penalty structures, enforcement authorities, and standards for what constitutes a permissible disclosure.

California's CMIA § 56.10 requires a written authorization for any disclosure of medical information — including mental health therapy records — except in specified circumstances. Disclosures to business associates for the covered entity's healthcare operations are permitted, but California courts and the AG have applied a minimum necessary standard to those disclosures: the covered entity may disclose only the information necessary for the healthcare operations purpose. California's § 56.36 provides a private cause of action for any person whose medical information has been disclosed in violation of the CMIA, with civil penalties of $1,000 per negligent violation and $3,000 per intentional violation, plus attorney's fees and costs. The California AG has enforcement authority under § 56.36(d) to bring civil actions for CMIA violations and has done so against covered entities that disclosed more medical information to vendors than the disclosed purpose required.

Illinois's MHDDCA (740 Ill. Comp. Stat. 110/1 et seq.) restricts disclosure of mental health records to what is authorized, with criminal penalties for knowing and willful unauthorized disclosures (Class A misdemeanor, up to $1,000 fine and one year imprisonment per violation) and civil liability for actual damages plus $100 per violation. Illinois courts have interpreted the MHDDCA to require that any disclosure be limited to what is necessary for the authorized purpose — a more protective standard than HIPAA's reasonableness approach. A therapist practicing in Illinois who uses a cloud AI scribe that retains session audio for purposes beyond note generation — including model training or product analytics disclosed in the vendor's terms of service — faces MHDDCA civil and criminal exposure that runs independently of HIPAA's federal minimum necessary analysis.

New York's Mental Hygiene Law § 33.13 prohibits disclosure of clinical records maintained by mental health facilities and practitioners without patient consent, except in specifically authorized circumstances. The statute provides that unauthorized disclosures create civil liability to the patient. State law enforcement under these three statutes — through AG civil actions, private causes of action, or referrals to state professional licensing boards — operates entirely independently of OCR's federal enforcement pathway and is available even when OCR declines to investigate or takes no enforcement action on a client HIPAA complaint. The substantive differences among state mental health privacy laws are most consequential when the covered entity's cloud AI scribe vendor retains session audio that state law would not have permitted the covered entity to disclose at all.

Proceeding 4: BAA scope dispute and indemnity litigation

The business associate agreement between the treating therapist and the cloud AI scribe vendor is the contractual instrument that defines what the vendor is authorized to receive and retain. A well-drafted BAA specifies that the vendor is authorized to receive session audio for the purpose of generating a clinical note and that the vendor will not retain audio beyond the period necessary to complete that generation. Most cloud AI scribe vendor BAAs are not drafted to that specificity — they authorize the vendor to receive PHI for "services," "treatment purposes," or "healthcare operations" without limiting the scope of PHI the vendor retains or the duration of retention. Many extend the vendor's authorized purposes to include model improvement, product analytics, quality assurance, and aggregate research — purposes that do not correspond to the note-generation purpose for which the session audio was disclosed.

When a breach at the cloud AI scribe vendor triggers litigation between the covered entity and the vendor over indemnity and liability allocation, the scope of what the BAA authorized becomes the central commercial question. The covered entity's position — that the vendor's retention of session audio beyond the period necessary for note generation exceeded what the BAA authorized, making the vendor liable for the breach — requires the covered entity to establish that the BAA limited the vendor's retention to the minimum necessary for note generation. The vendor's position — that the BAA's broadly scoped "services" or "healthcare operations" language authorized the retention practices that led to the breach — requires establishing that the covered entity affirmatively accepted a BAA that permitted indefinite retention for multiple purposes.

This indemnity dispute is a commercial adjudication of minimum necessary. If the court or arbitrator finds that the vendor's data practices exceeded what the BAA authorized — that the parties' agreement, properly construed, limited the vendor to the minimum PHI necessary for note generation — the vendor may bear indemnity exposure for the breach. If the court finds that the covered entity accepted a BAA that authorized the retention that occurred, the covered entity faces a more difficult minimum necessary defense in the parallel OCR investigation — because the covered entity's own BAA demonstrates that it authorized disclosure to a vendor that retained far more than the minimum necessary for the note-generation purpose.

The BAA indemnity dispute converts minimum necessary from a regulatory compliance question into a commercial contract question with immediate monetary stakes. The covered entity that accepted a broadly scoped cloud AI scribe vendor BAA finds that its minimum necessary defense before OCR, its response to client complaints, and its commercial indemnity position against the vendor are all weakened by the same document — the BAA that authorized the vendor to retain everything. The mismatch between what cloud AI scribes actually send to their servers and what the BAA authorizes them to retain is the gap that makes the indemnity dispute possible.

Proceeding 5: professional negligence civil litigation after a vendor breach

A therapy client whose session audio was retained in a cloud AI scribe vendor archive and later compromised in a breach has multiple civil theories of action against both the vendor and the treating therapist. Against the treating therapist specifically, the minimum necessary standard serves as the measure of the professional duty of care: did the therapist exercise reasonable professional judgment in selecting a documentation tool that retained only the minimum PHI necessary for the treatment documentation purpose?

Professional negligence claims require establishing the applicable standard of care through expert testimony. For mental health practitioners, that standard is drawn from professional ethics codes — NASW Code of Ethics Standard 1.07 (confidentiality), APA Ethics Code Principle 4.01 (maintaining confidentiality), AAMFT Code of Ethics Standard II.2 — and from regulatory standards including HIPAA's minimum necessary requirement. An expert witness can testify that the standard of care required a therapist selecting a documentation tool to assess whether that tool retained only the minimum PHI necessary for the treatment documentation purpose, and that a therapist who adopted a cloud AI scribe vendor that retained session audio indefinitely — when an alternative tool that retained only the finished note on the clinician's own device was available — departed from the standard of care in making that selection.

The professional negligence theory focuses on the therapist's selection decision, not the vendor's security failure. The breach is the precipitating event that creates civil exposure, but the minimum necessary standard is the measure of whether the selection decision was reasonable. A therapist who could have used a documentation tool that retained only the finished note and thereby disclosed the minimum PHI necessary to the BA — or, in the case of on-device processing, made no disclosure to a BA at all — but instead chose a tool that retained complete session audio in a third-party archive, faces a jury evaluation of whether that selection decision met the standard of care for protecting client confidentiality in the post-cloud-AI-scribe era.

The damages available in professional negligence litigation for HIPAA-related therapy record disclosures can include: actual damages for the emotional distress caused by the unauthorized disclosure of sensitive mental health information; nominal damages for the per se privacy violation; punitive damages in jurisdictions where the selection of a documentation tool that clearly exceeded minimum necessary demonstrates reckless disregard for client privacy; and attorney's fees under state consumer protection or civil rights statutes that provide fee-shifting. Where state law provides a private cause of action for CMIA or MHDDCA violations — and those violations are premised on the same minimum necessary argument — the state statutory claims can be brought alongside the common-law negligence claim in the same civil action. The question of whether an AI therapy note can be subpoenaed addresses the evidentiary dimension of the vendor archive; the professional negligence claim addresses the liability dimension of selecting a tool that created the archive in the first place.

The convergence of all five proceedings on the same vendor archive

Each of the five proceedings described above reaches the same underlying fact from a different direction: the cloud AI scribe vendor holds a repository of session audio, AI-generated transcripts, and draft notes that is substantially larger than the finished clinical note that is the documentation purpose. The OCR post-breach investigation evaluates whether the covered entity's disclosure to the vendor satisfied minimum necessary as a regulatory compliance matter. The client HIPAA complaint evaluates the same question after the breach notification creates client awareness of the vendor archive. The state AG enforcement investigation evaluates the disclosure against state-law minimum necessary analogs with independent penalty authority. The BAA indemnity dispute evaluates the disclosure against the commercial contract that defined what the vendor was authorized to retain. The professional negligence civil litigation evaluates the selection decision against the professional standard of care for protecting client confidentiality.

All five proceedings are enabled — and all five are intensified — by the existence of the vendor archive. The OCR investigation has no minimum necessary violation to examine if no vendor archive accumulated. The client complaint has no vendor archive to complain about if no session audio was retained outside the therapist's device. The state AG has no disclosure to scrutinize if no PHI reached a vendor's servers. The BAA indemnity dispute has no scope dispute if no BA received PHI. The negligence plaintiff has no excess retention to use as the measure of a standard-of-care departure if no vendor held the session audio at all.

The minimum necessary standard is not, on its own, the most prominent HIPAA provision that therapists navigate daily. But it is the provision that becomes most consequential when a cloud AI scribe vendor breach reveals how much PHI the vendor accumulated — and makes visible the gap between what the note-generation purpose required and what the vendor actually held. The professional licensing board context addresses the parallel disciplinary exposure for the same documentation choices.

What on-device processing eliminates

Each of the five adversarial proceedings described above depends on the existence of a cloud AI scribe vendor archive — a repository of session audio, AI-generated transcripts, and draft notes accumulated in a third-party cloud infrastructure outside the treating therapist's control. The OCR post-breach investigation, the client HIPAA complaint, the state AG enforcement action, the BAA indemnity dispute, and the professional negligence civil litigation all require, as a threshold condition, that a BA received PHI from the covered entity and retained more PHI than the note-generation purpose minimally required. Without a vendor archive, the minimum necessary question has no fact pattern to apply to.

On-device processing eliminates the vendor archive before the minimum necessary question can arise. When a therapist uses TherapyDraft, session audio is captured on the clinician's Mac, transcribed by a locally running Whisper model, and drafted into a clinical note by a locally running inference model — all without any data leaving the device. There is no business associate receiving PHI, because there is no network transmission of audio, transcript, or draft notes to any external server. The HIPAA minimum necessary standard applies to disclosures to business associates. When there is no disclosure — because the processing occurs entirely on the clinician's device — there is no vendor archive for OCR to examine, no breach notification for a client to receive, no disclosure for a state AG to investigate, no BAA whose scope is in dispute, and no excess retention for a negligence plaintiff to characterize as a departure from the standard of care.

On-device processing also eliminates the commercial complexity of the BAA relationship. A therapist using TherapyDraft does not execute a BAA with a cloud AI scribe vendor, does not transmit session audio to an external server, and does not create any vendor-held archive of the session content. The finished clinical note — reviewed and finalized by the clinician — is the complete PHI artifact that the treatment documentation purpose produces. No audio, no transcript, and no draft notes exist outside the device where the clinician works. The minimum necessary standard is satisfied structurally, not contractually: the amount of PHI disclosed to any BA is zero, because there is no disclosure.

For the treating therapist who is navigating the question of which documentation tool to adopt — and who is aware that the minimum necessary standard applies to disclosures to business associates — on-device processing converts a regulatory compliance analysis into an architectural fact. The question "does this tool disclose only the minimum PHI necessary for note generation?" has an unambiguous answer when the tool never transmits any PHI outside the device at all.

HIPAA by architecture, not by contract.

TherapyDraft drafts your notes on your Mac. Audio, transcript, and note never open a network socket — no vendor archive, no business associate receiving PHI, no minimum necessary analysis required because there is nothing to disclose.


Frequently asked questions

Does the HIPAA minimum necessary standard apply to a therapist's use of a cloud AI scribe?

Yes. Under 45 C.F.R. § 164.514(d)(3), when a covered entity discloses PHI to a business associate, the covered entity must make reasonable efforts to limit that PHI to the minimum necessary to accomplish the purpose for which the disclosure is made. A cloud AI scribe is a business associate — the therapist discloses session PHI to the vendor for the purpose of generating a clinical note. Whether disclosing complete session audio, the AI-generated transcript, and draft notes is the minimum necessary for a note-generation purpose is a question HHS OCR has not answered definitively for the cloud AI scribe context. The carve-out from the minimum necessary standard for disclosures to healthcare providers for treatment purposes (45 C.F.R. § 164.502(b)(2)(ii)) does not extend to business associates — a cloud AI scribe vendor is a BA, not a treating provider.

Can HHS OCR investigate a therapist's minimum necessary compliance after a cloud AI scribe vendor breach?

Yes. OCR's post-breach investigation under 45 C.F.R. § 164.410 examines not only the BA's security controls but also the covered entity's compliance with minimum necessary as a standalone matter. OCR can impose civil money penalties on the covered entity for minimum necessary violations that predated the breach — for example, for disclosing session audio to a vendor whose BAA authorized indefinite retention for purposes beyond note generation. The penalties apply per violation, which means the exposure aggregates across every session where the covered entity disclosed excess PHI to the vendor. A covered entity with thousands of client sessions over a multi-year cloud AI scribe contract faces aggregate minimum necessary penalty exposure independent of the vendor's security failure.

What state privacy laws create minimum necessary analogs for mental health therapy records?

California's CMIA (Cal. Health & Safety Code §§ 56.10–56.37), Illinois's MHDDCA (740 Ill. Comp. Stat. 110/1 et seq.), and New York's Mental Hygiene Law § 33.13 each restrict disclosure of mental health records to what is necessary for the authorized purpose, with independent enforcement mechanisms. California's CMIA provides a private cause of action with $1,000 per negligent violation and $3,000 per intentional violation, plus AG enforcement. Illinois's MHDDCA provides criminal penalties of up to $1,000 and imprisonment per knowing and willful violation. New York's Mental Hygiene Law § 33.13 provides civil liability to the patient for unauthorized disclosures. These state standards operate independently of HIPAA and are not preempted by it — state AG enforcement or private litigation can proceed even when OCR declines to investigate or takes no federal enforcement action.

How does a BAA indemnity dispute convert minimum necessary into a commercial dispute?

When a cloud AI scribe vendor breach triggers indemnity litigation, the scope of what the BAA authorized the vendor to receive and retain becomes central to liability allocation. The covered entity's minimum necessary position — that the vendor retained more than the BAA authorized — and the vendor's position — that the broadly scoped "services" language authorized indefinite retention — require a court or arbitrator to determine what minimum necessary meant in the parties' commercial agreement. A finding that the vendor's retention exceeded the BAA's scope shifts indemnity to the vendor. A finding that the covered entity accepted a BAA that authorized the retention weakens the covered entity's minimum necessary defense before OCR and in the parallel civil litigation. The same minimum necessary standard simultaneously resolves regulatory and commercial liability.

Does on-device AI scribe processing eliminate minimum necessary exposure?

On-device processing eliminates the minimum necessary question architecturally. When a therapist uses TherapyDraft, audio is captured locally, transcribed by a local Whisper model, and drafted by a local inference model — no data leaves the device. There is no business associate receiving PHI because there is no network transmission. The HIPAA minimum necessary standard applies to disclosures to business associates — and when there is no disclosure, the standard has no PHI flow to evaluate. There is no vendor archive for OCR to examine, no breach notification to trigger a client complaint, no state-law disclosure for an AG to investigate, no BAA scope in dispute, and no excess retention for a negligence plaintiff to use as the measure of a standard-of-care departure. On-device processing solves minimum necessary by architectural elimination rather than contractual management.