PHP and IOP group documentation, cloud AI scribes, and the insurance utilization review pathway: five adversarial proceedings that reach the vendor archive

PHP and IOP as a distinct documentation context

Partial hospitalization programs (PHP) and intensive outpatient programs (IOP) occupy the level-of-care space between inpatient psychiatric admission and standard weekly outpatient therapy. PHP typically involves structured treatment for five to seven hours per day, five days per week — psychoeducation groups, process groups, skills training groups, family therapy sessions, individual therapy, and psychiatric medication management in combination. IOP typically involves three to four hours per day, three to five days per week, with a similar mix of group and individual modalities. Both levels of care exist specifically to treat patients whose symptoms are too acute for weekly outpatient therapy to stabilize, but who do not require the round-the-clock containment of an inpatient psychiatric unit.

The clinical population at PHP and IOP is correspondingly acute. These are patients in active psychiatric crisis or partial crisis — major depressive episodes with functional impairment, acute anxiety disorders, substance use disorders requiring structured outpatient detox or early recovery support, eating disorders at medically monitored weight, trauma presentations that have recently destabilized, psychotic disorders in partial remission. The group sessions at PHP and IOP capture clinical content of a specificity and severity that exceeds what a standard outpatient process group typically produces — patients are there precisely because their presentations warrant more intensive documentation, more frequent clinical observation, and more structured treatment than weekly sessions can provide.

Documentation at PHP and IOP reflects that intensity. A full PHP program generates documentation from four to six group sessions per day. Each group has a facilitating clinician who must document the group session: who attended, what therapeutic work occurred, what each member disclosed, how the group functioned therapeutically, and how each member's presentation compared to their baseline and treatment goals. Multiply that documentation volume by a five-day week, and a single PHP patient accumulates clinical documentation from twenty or more group sessions per week — in addition to individual therapy and psychiatric notes. IOP documentation, while less intensive, runs on the same multi-group-per-day model across three to five days per week.

When PHP and IOP programs adopt cloud AI scribes to assist with group session documentation, the vendor archive that accumulates is categorically different from the vendor archive created by an individual therapy practice. Each group session generates a single audio recording that contains every group member's voice and disclosures simultaneously. The vendor holds that recording as one business record under the facilitating clinician's BAA. And the volume of recordings accumulates at a rate that creates a longitudinal vendor archive of group session content with no analog in standard outpatient documentation.

This post examines the five adversarial proceedings that are specific to or significantly amplified in the PHP and IOP context. It is distinct from the general analysis of multi-party PHI in outpatient group therapy, which covers the mechanics of group session archives broadly but does not address the level-of-care determination context, the insurance utilization review pathway, or the ERISA parity enforcement framework that define the PHP and IOP adversarial landscape. It is also distinct from the analysis of independent contractor documentation ownership at IOP programs, which addresses who owns the contractor therapist's clinical record but not the group session multi-PHI architecture or the insurance company pathways that are this post's focus.

What a cloud AI scribe captures in PHP and IOP group sessions

The clinical content of PHP and IOP group sessions is both more sensitive and more voluminous than the content of a standard outpatient group. Understanding what the vendor archive actually holds — as distinct from the formal clinical note — is essential to understanding the adversarial proceedings that can reach it.

In a skills training group, the vendor's recording captures not just the psychoeducational content the facilitator delivers but each group member's responses: which member described having a panic attack the previous night, which member disclosed relapsing over the weekend, which member stated they had been restricting their eating despite their discharge plan, which member described suicidal ideation that they had not yet told their treatment team. The formal group note may document that "group members practiced distress tolerance skills and processed barriers to implementation" — the vendor archive holds the verbatim accounts of what those barriers were in each member's words.

In a process group, the vendor archive holds the interpersonal dynamics that the group's therapeutic mechanism depends on: who disclosed a history of childhood abuse, who described the specific circumstances of their current crisis, who named a family member in the context of a trauma disclosure, who described the substance they had been using and in what quantities, who expressed hopelessness about recovery in terms that the formal note would characterize as "passive suicidal ideation."

In a family group — standard at PHP programs with adolescent or young adult patients — the vendor archive may hold both the patient's disclosures and the disclosures of family members who are not HIPAA patients of the program but whose statements are captured by the recording because they were present in the session. The family member who describes their own mental health history, the parent who discloses the circumstances that led to the patient's crisis, the sibling who names a third party in a disclosure relevant to the patient's presentation — all of that appears in the vendor's business record of the session alongside the patient's PHI.

Level-of-care determination content is the most legally significant category. PHP and IOP admissions require documentation of medical necessity for the elevated level of care — documentation that the patient's symptom severity, functional impairment, or treatment response warrants PHP or IOP rather than weekly outpatient therapy. That documentation occurs not only in the formal level-of-care assessment but in the group session records that demonstrate, day by day, the clinical presentations that justify continued PHP or IOP authorization. The cloud AI scribe's vendor archive captures the underlying session content from which those determinations are made — which means it holds the clinical evidence that insurance carriers, ERISA courts, and DOL investigators analyze when they evaluate whether the level-of-care authorization was clinically appropriate.

Five adversarial proceedings specific to PHP and IOP group documentation

1. Insurance utilization review and internal appeal

Insurance utilization review is the primary adversarial relationship in PHP and IOP practice — far more immediately consequential for most programs than civil litigation or regulatory enforcement. Concurrent UR occurs during an active PHP or IOP admission: the insurer's UR reviewer contacts the program at regular intervals (often every three to five days for PHP, weekly for IOP) to request clinical documentation supporting continued authorization for the elevated level of care. The UR reviewer applies the insurer's internal clinical criteria — typically versions of the InterQual or MCG criteria, or the insurer's proprietary criteria that must meet MHPAEA requirements — to determine whether the patient's documented presentation warrants continued PHP or IOP versus step-down to a lower level of care.

The formal clinical documentation that PHP and IOP programs submit in UR review is what the clinicians wrote: group notes, individual therapy notes, psychiatric medication management notes, nursing notes. But the insurance carrier's legal discovery rights in subsequent ERISA litigation extend to any document or business record that relates to the claim being litigated — and a cloud AI scribe vendor archive of group sessions from the authorization period is a business record that relates to the claim. In ERISA civil discovery, the carrier's litigation counsel can issue a Rule 45 civil subpoena to the vendor as a third-party business record custodian, compelling production of the session recordings and transcripts that the formal notes were generated from.

The insurer's use of that vendor archive in ERISA litigation is typically defensive: if the patient or the program appeals a UR denial and the appeal results in litigation, the carrier seeks the vendor archive to establish that the clinical presentations documented in the formal notes were not as severe as the program's UR submissions characterized — or that step-down decisions the carrier made were supported by the session content. The vendor archive, which captures verbatim session content rather than the clinically framed formal note, may provide evidence that differs from the formal documentation in clinically significant ways. Patients in PHP and IOP also have improved moments within their overall acute presentation — moments that the formal note contextualizes within the arc of treatment but that the verbatim vendor archive captures without that clinical framing.

When a PHP or IOP program submits an internal appeal of a UR denial — a required step before ERISA external review or litigation — the internal appeal process involves the insurer's appeal reviewers examining the clinical record again. The appeal letter and supporting clinical documentation the program submits constitute the administrative record. In subsequent ERISA litigation, what the court reviews is primarily the administrative record as it existed at the time of the denial — but the federal discovery rules permit parties to reach outside that administrative record in limited circumstances, including when the administrative record is incomplete or when there is evidence of procedural irregularity. Cloud AI scribe vendor archives that document clinical sessions during the authorization period can be relevant to whether the administrative record accurately reflected the patient's clinical presentation.

2. ERISA § 502(a)(1)(B) civil litigation for wrongful denial of PHP and IOP benefits

ERISA § 502(a)(1)(B) provides a civil cause of action for plan participants who believe a plan administrator wrongfully denied benefits to which they were entitled under the plan. For patients whose PHP or IOP admission was denied or terminated through UR — and who believe that denial violated the plan's coverage obligations or the MHPAEA's parity requirements — ERISA § 502(a) litigation is the remedial vehicle. Federal courts in circuits that permit de novo review of ERISA benefit denials (rather than deferential arbitrary-and-capricious review) conduct a fresh examination of the clinical evidence, which creates full federal discovery rights for both parties.

In ERISA § 502(a) litigation over PHP or IOP benefit denials, the patient's attorney seeks the full clinical record of the program and may subpoena the cloud AI scribe vendor's session archives to obtain the underlying verbatim session content that generated the formal clinical notes. The theory is that the formal notes summarize and interpret clinical content — the vendor archive provides contemporaneous, unmediated evidence of what actually occurred in the group sessions. If the formal note states that "the patient demonstrated continued acute symptomatology consistent with PHP level of care," the vendor archive holds the specific content of the patient's disclosures from that day's group sessions that constituted that acute symptomatology in clinical context.

MHPAEA parity claims in ERISA litigation add a comparative analysis dimension. Under the parity law's nonquantitative treatment limitation framework — as applied and elaborated through federal circuit decisions and DOL guidance — courts and investigators compare how the insurer applies clinical criteria for PHP and IOP benefits against how it applies criteria for analogous medical and surgical acute care benefits. One element of that comparison is documentation: how detailed and specific does the insurer require PHP and IOP clinical documentation to be, compared to what the insurer requires for analogous medical acute care determinations? If the insurer demands more detailed clinical documentation for PHP/IOP authorization than for an analogous medical benefit, the parity law may be violated regardless of the medical necessity criteria themselves. Cloud AI scribe vendor archives, as a source of granular clinical documentation from PHP and IOP sessions, may be relevant to demonstrating the documentation intensity required by the insurer's UR process. The landmark decision in David P. v. United Behavioral Health (9th Cir. 2021) and subsequent parity enforcement framework have placed substantial pressure on insurer documentation practices in mental health and SUD UR — increasing the legal significance of what the clinical documentation says and where it comes from.

3. Multi-patient subpoena cascade from group session vendor archives

The multi-patient exposure risk is not unique to PHP and IOP, but the PHP and IOP context amplifies it substantially. In outpatient group therapy, a standard process group may meet weekly, involve six to ten members, and generate one weekly session recording per group. In a full PHP program, a patient may attend four to six groups per day over a five-day week — meaning a single week's PHP admission generates twenty to thirty separate group session recordings per patient, each shared with every other patient who attended those groups. The vendor archive accumulates multi-patient PHI at a rate that creates a cross-patient exposure architecture with no outpatient analog.

The exposure mechanism is the same as in any group therapy context: one group member's litigation compels vendor archives that contain other members' disclosures. The PHP and IOP context amplifies this exposure in two ways. First, patients at PHP and IOP level of care are more acutely symptomatic, meaning their session disclosures are more clinically sensitive — the vendor archive of a PHP group session is more likely to contain active crisis disclosures, specific trauma accounts, substance use admissions, and statements about suicidal or self-harm ideation than a typical outpatient process group recording. Second, the high session volume means that any one patient's adversarial litigation touches a large number of group session recordings, each of which contains multiple other patients' PHI.

A patient whose PHP admission overlaps with a child custody dispute may have their attorney issue a Rule 45 civil subpoena to the cloud AI scribe vendor seeking session recordings from the patient's PHP attendance period. Those recordings contain the disclosures of every other patient who attended those groups — including, potentially, patients whose PHP admissions were entirely unrelated to any litigation but whose disclosures happened to co-occur with the litigating patient's sessions. The vendor's BAA with the PHP program governs the vendor's internal data handling obligations; it does not override the vendor's legal obligation to comply with a valid civil subpoena directed at the vendor as a third-party business record custodian.

The program administrator who receives notice — if they receive notice — of a Rule 45 subpoena to the vendor faces an immediate clinical and legal problem: the vendor holds recordings of group sessions that contain the PHI of patients who are not parties to the litigation, who have not authorized disclosure of their session content, and who have no practical mechanism to be notified before the vendor complies. HIPAA provides procedural protections that require covered entities receiving subpoenas to either obtain the patient's authorization or seek a qualified protective order — but those protections apply to the covered entity, not to the vendor operating under a BAA. When the subpoena is directed at the vendor rather than the program, the vendor's compliance obligations are governed by the subpoena's legal validity and the vendor's own legal counsel, not by the program's HIPAA procedures.

4. Department of Labor MHPAEA enforcement investigations

The Employee Benefits Security Administration (EBSA) is the Department of Labor agency responsible for enforcing ERISA, including the MHPAEA's mental health and substance use disorder parity requirements for employer-sponsored health plans. EBSA conducts both complaint-driven investigations and market-wide enforcement sweeps examining specific insurers' parity compliance across their book of business. EBSA's investigative authority is broad: 29 U.S.C. § 1134 grants the Secretary of Labor administrative subpoena authority to compel the production of records from any person, whether or not a party to ERISA, in connection with an ERISA investigation.

In MHPAEA enforcement investigations that focus on PHP and IOP benefit administration, EBSA's investigators examine the comparative analysis between the insurer's handling of mental health and SUD claims for elevated levels of care versus analogous medical and surgical benefits. The investigation typically compels documentation from the insurer — the UR criteria, the internal clinical guidelines, the specific records of adverse benefit determinations and the clinical documentation submitted. But EBSA's § 1134 authority is not limited to the insurer. EBSA can subpoena PHP and IOP programs as third parties whose records are relevant to the investigation, and — as the investigative authority has expanded its scope — EBSA could reach the cloud AI scribe vendor holding group session archives as independently relevant evidence of the clinical content that the insurer's UR process was evaluating.

The relevance theory is comparative: if EBSA is investigating whether the insurer's documentation requirements for PHP and IOP medical necessity determinations are more burdensome than its requirements for analogous medical acute care benefits, the vendor's contemporaneous session archives document what actually occurred in the PHP and IOP sessions — providing an independent baseline against which the formal clinical documentation submitted to the insurer in UR can be compared. If the formal notes consistently abstract clinical content that the vendor archives capture in detailed form, and the insurer's UR criteria require that detail to be specified in ways that are not required for analogous medical benefits, that discrepancy is evidence of a nonquantitative treatment limitation in the insurer's documentation practices. PHP and IOP programs that use cloud AI scribes for group session documentation may find their vendor's independently held session archives compelled by federal administrative subpoena in ERISA enforcement investigations entirely unrelated to any individual patient claim.

5. State insurance commissioner market conduct examination

State insurance commissioners conduct periodic market conduct examinations of health insurance carriers licensed in their states — structured regulatory audits that examine the carrier's claims handling practices, including adverse benefit determination rates, UR criteria application, and appeals processing for mental health and substance use disorder claims. Most states have enacted state mental health parity laws parallel to or more stringent than the federal MHPAEA, and state market conduct examinations frequently include assessment of the carrier's parity compliance for PHP and IOP benefit administration specifically.

Market conduct examinations operate through administrative subpoena authority: the state insurance commissioner has statutory authority to compel the production of books, records, and documents from insurers under examination, and examination authority typically extends to third parties whose records are relevant to the carrier's claims handling practices. When a state commissioner examines an insurer's PHP and IOP claims handling — reviewing a sample of adverse determinations and the clinical documentation submitted in support of those claims — the examination may reach third-party records that document the clinical basis for the benefit determinations being examined.

PHP and IOP programs operating in states with active market conduct examination programs face a potential pathway through which the state insurance commissioner's examination of an insurer could compel production of the program's cloud AI scribe vendor archives as part of the claims documentation sample. The clinical content documented in those sessions is the underlying basis for the level-of-care determinations the insurer made — and a market conduct examiner evaluating whether the insurer's adverse determinations reflected clinically appropriate criteria application may subpoena both the program and, in appropriate circumstances, third-party business record custodians holding the clinical documentation generated during the period under examination.

State parity enforcement has accelerated significantly following the federal MHPAEA amendments in the Consolidated Appropriations Act of 2021 and subsequent DOL enforcement guidance. States including California, New York, Connecticut, and Illinois have conducted well-publicized parity enforcement actions against commercial carriers, and those enforcement actions have drawn on detailed clinical documentation from PHP and IOP programs as evidence of the clinical standard against which the carriers' UR criteria were applied. As state parity enforcement matures, the scope of document production in market conduct examinations — including the scope of third-party record subpoenas reaching PHP and IOP documentation — has correspondingly expanded.

How this differs from outpatient group therapy and from IOP contractor documentation

The adversarial proceedings described above are distinct from those that arise in standard outpatient group therapy documentation, though both contexts involve multi-party PHI in vendor-held group session recordings. The distinction is not primarily about the legal mechanisms — subpoenas and administrative process reach both types of group session archives in the same way. The distinction is about the adversarial actors and the legal frameworks that create the adversarial pathways.

In outpatient group therapy, the primary adversarial pathways to the vendor archive run through civil litigation involving individual group members: a custody dispute, a criminal proceeding, a disability insurance claim, a personal injury tort. The insurance company is present as a payer but not as an active adversary in the UR and parity enforcement sense, because outpatient group therapy does not typically involve concurrent UR authorization and medical necessity determinations of the kind that generate ERISA parity litigation and DOL enforcement investigations. The outpatient group therapy analysis focuses on the multi-party subpoena problem and the HIPAA mechanics of multi-patient PHI in group session recordings — the right framework for outpatient group practice, but not the primary framework for PHP and IOP.

The IOP independent contractor documentation analysis addresses a different set of problems: who owns the documentation when the group facilitator is a 1099 contractor rather than a W-2 employee of the program, whether the program's BAA covers the contractor's personally selected cloud AI scribe, and what happens to the contractor's vendor archive when the contractor's engagement with the program ends. Those are important documentation ownership questions that arise specifically in the contractor employment context. They do not address the group session multi-PHI architecture or the insurance utilization review and ERISA parity enforcement pathways that apply to PHP and IOP group documentation regardless of whether the facilitating clinician is an employee or a contractor.

PHP and IOP programs that use cloud AI scribes for group session documentation face both sets of problems simultaneously: the multi-patient subpoena exposure that applies to any group session vendor archive, the documentation ownership questions that arise when contractors use their own scribes, and the insurance-specific adversarial pathways — UR, ERISA litigation, DOL enforcement, state market conduct examination — that are specific to the PHP and IOP level-of-care determination context. On-device processing addresses all three in a single architectural choice.

On-device processing eliminates the vendor archive

Each of the five adversarial proceedings described above requires the cloud AI scribe vendor archive to exist as an independently held third-party business record. The insurance carrier's UR discovery in ERISA litigation requires a vendor holding session content from the authorization period to subpoena. The ERISA § 502(a) litigant's discovery requires a third-party custodian holding the contemporaneous verbatim session record to compel. The multi-patient subpoena cascade requires a vendor archive containing multiple patients' group session PHI to target. The DOL EBSA's § 1134 administrative subpoena requires a third-party business record custodian holding PHP and IOP session documentation to reach. The state insurance commissioner's market conduct examination requires an independently held clinical record source to subpoena as part of the claims documentation sample.

Remove the vendor archive, and each of those pathways either closes entirely or narrows to the program's own formally held clinical record — where the program can assert applicable HIPAA protections, seek protective orders for other patients' PHI, engage legal counsel before production, and make deliberate decisions about the scope of disclosure. Those protections are meaningful. They are the protections that HIPAA's covered entity framework is designed to provide. A cloud vendor's independently held business records have no equivalent protection: the vendor is not the treating clinician, the vendor has no therapeutic relationship with the patients whose sessions it holds, the vendor typically has no mechanism to notify the treating clinicians or the program before complying with a subpoena, and the vendor's compliance obligations to lawful legal process are governed by the subpoena's validity, not by the program's HIPAA procedures.

When PHP and IOP clinicians use on-device processing for group session documentation, the group session audio is captured and transcribed locally on the clinician's device. The local language model drafts group notes — per-member notes, summary notes, or both, depending on the documentation template — from that local transcription. Nothing in that workflow leaves the clinician's device: no audio, no transcript, no draft note content reaches any commercial cloud server. The vendor architecture that creates the business record the adversarial proceedings compel simply does not exist.

What remains is the program's formal clinical record — the notes the clinicians generated from the local processing, stored in the EHR under the program's standard documentation practices. That record is available for UR review, for ERISA litigation discovery, and for DOL and state regulatory investigations of the program's clinical practices. But it is the clinical record the program controls, holds, and can protect through standard covered entity HIPAA procedures. The independently held vendor archive — the one that contains verbatim group session content, that holds multiple patients' PHI simultaneously in one business record, and that adversarial parties can compel through the vendor without going through the program — does not exist when the documentation workflow stays on-device.

For PHP and IOP programs considering how to document group sessions using AI assistance, the architectural question — does the session content leave the clinician's device, or does it stay on-device — determines the exposure profile for all five adversarial proceedings. A program that processes group sessions on-device retains the documentation efficiency of AI-assisted note drafting while eliminating the vendor archive that creates the specific legal exposure described in this post. A program that uses a cloud AI scribe accumulates a vendor archive whose scope and legal accessibility grow with every group session documented.

The insurance utilization review context adds particular urgency to this architectural question. The insurer that performs concurrent UR of a PHP or IOP admission already has adversarial alignment with the program on the question of whether the level of care is clinically warranted. Adding a cloud AI scribe vendor archive that the insurer's litigation counsel can compel in subsequent ERISA disputes — and that may contain verbatim session content that differs from the formal UR documentation in ways favorable to the insurer's position — is an architectural choice with direct consequences for the program's ability to advocate for its patients in coverage disputes.

FAQ

Can an insurance company access a PHP or IOP group session recording held by a cloud AI scribe vendor during utilization review?

Yes, through multiple pathways. Insurance carriers performing concurrent or retrospective utilization review routinely request clinical documentation from PHP and IOP programs to verify medical necessity for an elevated level of care. When the program uses a cloud AI scribe to document group sessions, the vendor archive constitutes an independently held business record that the carrier can compel through administrative process or civil discovery in ERISA litigation. The vendor archive may capture session content — verbatim group member disclosures, the severity of presentations observed across the group, crisis content that occurred in session — that the formal note abstractly summarizes but does not reproduce in full. That verbatim content becomes evidence in medical necessity determinations and in the ERISA appeals and litigation that follow adverse coverage decisions.

How does MHPAEA interact with cloud AI scribe vendor archives at PHP and IOP programs?

MHPAEA prohibits group health plans and insurers from imposing treatment limitations on mental health and substance use disorder benefits more restrictive than those applied to analogous medical and surgical benefits. In ERISA litigation and DOL enforcement proceedings, the comparative analysis between PHP/IOP mental health claims and analogous medical acute care claims turns on clinical documentation — how session content is documented, what criteria are applied, and how the vendor-held contemporaneous record compares to formal clinical notes. The DOL Employee Benefits Security Administration has broad administrative subpoena authority under 29 U.S.C. § 1134 to compel records from PHP and IOP programs and their third-party vendors as part of parity compliance investigations. Cloud AI scribe vendor archives at PHP and IOP programs can be compelled through this authority as part of MHPAEA comparative analysis.

If one PHP or IOP group member is involved in litigation, can that litigation reach the other group members' disclosures?

Yes. A cloud AI scribe vendor holding a group session recording contains every group member's disclosures simultaneously in one audio file. When any one group member is involved in litigation, their attorney can issue a Rule 45 civil subpoena to the vendor as a third-party business record custodian. That subpoena compels the vendor to produce the recording — which contains the voices and disclosures of every other group member who attended. The vendor's Business Associate Agreement with the program governs the vendor's internal data handling; it does not override a valid civil subpoena directing the vendor to produce records it holds. PHP and IOP programs run multiple groups per day across a week-long admission, meaning the vendor archive for any one patient's admission involves many separate group session recordings, each shared with different subsets of the program's other patients.

How is PHP and IOP group documentation different from outpatient group therapy documentation for cloud AI scribe purposes?

Three differences amplify the risk. First, clinical acuity is higher — patients at PHP and IOP level of care are more acutely symptomatic, and their session disclosures are correspondingly more sensitive. Second, group session volume is higher — a full PHP program may run five or six groups per day, generating a vendor archive that accumulates far more quickly than a once-weekly outpatient group. Third, the insurance company is an active adversary in ways that have no outpatient analog: insurance carriers perform concurrent UR of PHP and IOP admissions, make level-of-care determination decisions with direct financial consequences, and initiate or respond to ERISA parity litigation — creating insurance-sector adversarial pathways to the vendor archive that outpatient group practice does not face in the same form.

Does on-device processing address the utilization review and ERISA litigation vendor archive risk at PHP and IOP programs?

Yes. On-device processing eliminates the vendor archive entirely: group session audio is captured and transcribed locally on the clinician's device, clinical notes are drafted from that local transcription, and no session content leaves the device for a commercial cloud server. Without a vendor archive, there is no third-party business record for an insurance carrier's UR discovery in ERISA litigation to compel, no multi-patient group session recording for one member's attorney to reach through Rule 45, no third-party custodian for EBSA investigators to subpoena through 29 U.S.C. § 1134 authority, and no independently held business record for state insurance commissioner market conduct examiners to access. The formal clinical record — the progress notes and treatment documentation held by the PHP or IOP program — remains available for legitimate UR review and legal proceedings. On-device processing eliminates the separate layer of vendor-held verbatim session content that creates the specific risk profile described in this post.