Tarasoff, duty-to-warn, and the AI scribe: when mandatory disclosure creates a documentation problem

The 1976 California Supreme Court decision in Tarasoff v. Regents of the University of California established a proposition that has since been codified in some form in most U.S. states: a therapist who learns that a client poses a credible, serious threat of harm to an identifiable person has a legal duty to take reasonable protective action. Every licensed mental health professional in clinical practice today has received some version of this training. The duty-to-warn framework shapes how therapists conduct risk assessments, document sessions where violent ideation emerges, and make protective disclosures.

What Tarasoff training rarely addresses is what happens to the documentation of a duty-to-warn event when a cloud AI scribe was present. In 2026, a growing number of clinicians route their session audio through a cloud-based transcription and note-drafting tool. The clinical note is what the therapist produces, reviews, and places in the designated record set. But the cloud vendor has something more complete: verbatim audio and a full transcript of the session in which the client made the threat. That record exists on the vendor's infrastructure, subject to the vendor's own retention schedule and the vendor's own legal obligations — independently of the therapist's clinical records and independently of anything the therapist does next.

What Tarasoff documentation actually requires

State duty-to-warn statutes vary, but the documentation framework they imply is consistent enough to describe in general terms. When a client makes a specific, credible threat against an identifiable person — the threshold varies by jurisdiction, but typically requires a plausible, serious threat against a named or readily identifiable individual — the therapist is expected to document the event in a way that creates a contemporaneous record of what happened and what the therapist did about it.

That documentation typically covers four components. First, the nature of the threat: who was threatened, what was threatened, the clinical context in which the disclosure occurred, and any relevant history (prior threats, prior violent behavior, access to weapons, recent destabilizing events). Second, the risk assessment: the factors the therapist weighed in evaluating the credibility and seriousness of the threat, any consultation sought (from a colleague, supervisor, or attorney), and the clinical reasoning that led to the conclusion that a protective action was or was not required. Third, the protective action taken: the warning delivered, law enforcement notified, voluntary or involuntary hospitalization pursued, safety planning conducted with the client, or the therapist's documented reasoning for an alternative approach. Fourth, follow-up steps: monitoring plan, next appointment, coordination with collaterals.

This documentation is clinically and legally critical. When a failure-to-warn claim is brought — typically in a wrongful death or personal injury action by someone harmed by a client whose threat the therapist allegedly failed to address adequately — the therapist's documentation is the primary evidence of what they knew, what they assessed, and what they did. A well-documented Tarasoff response is the therapist's strongest defense. A poorly documented one — or an undocumented one — is a liability exposure even if the clinical response was appropriate.

What the cloud AI scribe captures in a duty-to-warn session

A clinical note is an interpretive summary. The therapist selects what to document, frames the clinical content, and produces a structured record. Cloud AI scribes produce a different kind of record first: verbatim audio, a verbatim transcript, and often an intermediate draft from which the final note is edited. The note the therapist places in the clinical record is downstream of these intermediate artifacts.

In a session where a client makes a Tarasoff-triggering threat, a cloud scribe captures all of it: the client's exact words describing the threat, the affect with which those words were delivered, the victim's name as the client spoke it, the surrounding conversational context, the therapist's initial in-session response, and the clinical context that preceded and followed the disclosure. If the client walked back the threat, that retraction is in the audio. If the client escalated it, that escalation is in the audio. The therapist's clinical note — written after the session, under compression, shaped by clinical judgment about what is material — will capture some of this. The vendor's audio captures all of it.

In evidentiary terms, the audio and transcript are more probative than the note for most of the questions that Tarasoff litigation asks. How specific was the threat? How serious did it appear? How did the therapist respond in the moment? What did the client say after the therapist's initial response? The clinical note answers the therapist's summarized version of these questions. The vendor's audio answers them verbatim.

The independent subpoena problem in Tarasoff litigation

When Tarasoff litigation arrives — whether a tort suit against the therapist for failure to warn, a criminal prosecution of the client, or a licensing board investigation — subpoenas can reach cloud vendor records directly. The mechanism is the same as in any other litigation: a subpoena served on the vendor as a third party holding documents relevant to the proceedings, in the vendor's jurisdiction, under its own legal counsel's advice.

The therapist's privilege assertion over the therapist's own records does not automatically travel to the vendor's copy of the same session. The psychotherapist-patient privilege — recognized as a federal privilege under Jaffee v. Redmond (1996) and codified in most state evidence codes — applies to communications between patient and therapist made in the context of the therapeutic relationship. Whether and how that privilege extends to independently held vendor records of those communications is a question that courts are still developing doctrine on. The vendor's BAA with the therapist governs the vendor's HIPAA obligations; it does not resolve the evidentiary privilege question in litigation. What a BAA does not cover includes the vendor's response to its own litigation, its own regulatory inquiries, or a subpoena served on it as a separate legal entity.

The Tarasoff context adds a specific complication: in many states, the psychotherapist-patient privilege is limited or inapplicable when the client's communications relate to an actual threatened crime or harmful act. Several state evidence codes include a "dangerous patient" exception that permits disclosure of patient communications in precisely the circumstances where a Tarasoff duty arises — a specific threat of serious harm to an identifiable person. This exception is designed to enable the therapist to warn without privilege liability; its effect in the context of the vendor's records is that the very communications most likely to trigger Tarasoff — the verbatim threat, the victim's name, the surrounding escalation — may be the communications least protected by privilege in subsequent proceedings.

The practical result is a scenario where the therapist's carefully written Tarasoff documentation — designed to demonstrate compliance and limit liability — sits alongside a vendor's verbatim audio record of the session in which the threat occurred, and the vendor's record is independently reachable. The victim's family's attorney in a wrongful death suit, the prosecutor in a criminal case, and the licensing board investigator each have their own legal pathways to the vendor's records that bypass the therapist's control over how the event is framed and presented.

Mandatory reporting: the same structure, broader population

The duty-to-warn analysis applies equally to mandatory reporting obligations. Every licensed mental health provider is a mandatory reporter for child abuse and neglect. Most states extend mandatory reporting obligations to elder abuse and abuse of other vulnerable adults. When a mandatory-report-triggering disclosure occurs in a cloud-scribed session, the vendor captures verbatim audio of that disclosure.

A child abuse disclosure in session — a minor client describing abuse, or an adult client describing abuse of a child in their household — is exactly the kind of high-intensity, high-stakes clinical content that therapists handle carefully. The mandatory report to child protective services creates a legal record. The CPS investigation, any subsequent custody proceeding, and any criminal prosecution of the alleged abuser all may involve subpoenas or court orders for therapy records. The HIPAA distinction between psychotherapy notes and progress notes matters here: the mandatory report itself and the clinical documentation of the disclosure are progress notes in the designated record set; any separately maintained process notes about the disclosure might qualify for the stronger protections of psychotherapy notes. The cloud vendor's session audio doesn't fit cleanly into either category — it is the vendor's business record of a processing transaction, and its evidentiary treatment in proceedings involving child abuse allegations is developing case law.

The mandatory reporting parallel matters because it affects a much larger proportion of the clinical population than Tarasoff-triggering violence threats. Most clinicians will go their entire careers without a Tarasoff event that reaches litigation. Most clinicians who work with children, families, or vulnerable adults will make at least one mandatory report. The documentation custody problem is not a tail risk; it is a routine exposure for any therapist who uses a cloud scribe and works with populations where mandatory reporting applies.

On-device drafting and documentation custody

When session audio is processed on the therapist's own hardware rather than transmitted to cloud infrastructure, the custody structure for duty-to-warn and mandatory reporting events is simpler. The session audio — including any Tarasoff-triggering content, any mandatory-report-triggering disclosure — stays on the therapist's device. The therapist's clinical records system holds the note that the therapist composed, reviewed, and approved. There is no vendor holding an independent copy of the session on remote infrastructure.

When legal process arrives in connection with a Tarasoff event — a subpoena in a civil suit, a criminal proceeding, a licensing investigation — the therapist's attorney works with one set of records, in one location. There is no separate subpoena pathway to a cloud vendor's datacenter holding verbatim audio that the therapist did not draft and does not control. The therapist's documentation, in the therapist's custody, is the complete record of the session — not a summary sitting alongside an independently held, more complete version that a party adverse to the therapist can reach through a separate legal channel.

This is a structural advantage, not a privacy-compliance one. The cloud vendor's records are not a HIPAA violation — they are processed under a BAA, in a compliant data architecture. The problem is not the vendor's HIPAA compliance; HIPAA covers only the therapist's own compliance obligations, not the downstream evidentiary consequences of having a second custodian for the most sensitive clinical content the therapist generates. A business associate agreement does not prevent subpoenas; it does not prevent criminal proceedings; it does not prevent licensing board investigations. It specifies how the vendor handles the data it holds, not whether courts can reach it.

TherapyDraft processes session audio entirely on the therapist's Mac — Whisper.cpp for transcription, an on-device language model for note drafting on Apple Silicon, no data transmitted to cloud infrastructure for audio, transcript, or note text. For clinicians whose practice generates Tarasoff risk — clients with violent histories, clients in acute interpersonal conflict, clients expressing specific ideation — and for mandatory reporters treating children, families, and vulnerable adults, the absence of a cloud vendor in the documentation chain means that the verbatim record of the most legally significant clinical events stays under one custodian. Solo plan starts at $49/month with a 10-session free trial and no card required.

Further reading

• Can an AI therapy note be subpoenaed? A 2026 legal-risk explainer — how civil and criminal subpoenas reach cloud AI vendors directly, the dual-subpoena structure explained, and what the therapist can and cannot control
• The 7 things Mentalyc, Upheal, and Blueprint actually send to their servers — the verbatim-vs.-summarized record distinction and what intermediate artifacts cloud scribes retain beyond the final note
• What is a BAA, actually — and what it does NOT cover — the four structural limits of business associate agreements and why a signed BAA does not prevent the vendor's records from being subpoenaed in separate litigation
• Psychotherapy notes vs. progress notes: what HIPAA actually says — the legal distinction between the two record types, which AI scribes generate, and how that distinction affects access in legal proceedings
• HIPAA for private-practice therapists — the 2026 rewrite — the full compliance posture for a solo private practice and the 2026-specific risk landscape, including the AI scribe subsection

This post is educational commentary, not legal, clinical, or compliance advice. Tarasoff duties, duty-to-warn statutes, mandatory reporting laws, psychotherapist-patient privilege, dangerous-patient exceptions, and the evidentiary treatment of cloud vendor session records vary significantly by jurisdiction and change over time. The legal treatment of cloud AI scribe records in tort litigation, criminal proceedings, and licensing board investigations is an area of developing law with limited published precedent. Consult a licensed healthcare attorney in your jurisdiction before making documentation or technology decisions based on this content. Mandatory reporting obligations should be fulfilled as required by applicable law regardless of the documentation tool used.