Veterans and military mental health records: VA documentation, DoD chain-of-command concerns, MST disclosure, and AI scribes in community care

The three-track records landscape for veterans

Veterans receiving mental health care in 2026 move through one of three settings, each with a distinct records environment:

VA medical centers (VAMCs). Records are maintained in the VA's health information system — currently transitioning from legacy VistA/CPRS to Oracle Health (Cerner Millennium) under the VA's ongoing Electronic Health Record Modernization program. VA treatment records exist in a dual-purpose world: they are both clinical records and potential evidence for disability compensation proceedings managed by the separate Veterans Benefits Administration (VBA). A veteran who receives mental health treatment at a VAMC and later files a disability claim for PTSD or a related condition is asking the VBA to adjudicate that claim in part on the basis of the records generated during that treatment.

TRICARE-authorized community care. Private-practice therapists who see veterans or active-duty military members through TRICARE or the VA's Community Care Network (CCN) submit claims to payers that create administrative records outside the treating therapist's direct control. The clinical relationship is civilian and HIPAA-governed; the billing chain creates records in TRICARE's contractor systems that are accessible in ways a purely private-pay relationship would not be.

Private-pay therapy. Veterans who pay out-of-pocket for care from private-practice clinicians, with no TRICARE billing and no VA referral, have the narrowest administrative records trail. Many veterans specifically choose this option because they want their session content to exist only in their therapist's files — outside any system connected to the VA or DoD. The clinical relationship is straightforwardly HIPAA-governed. The introduction of a cloud AI scribe into this setting can undermine the privacy assurance the veteran believed they were purchasing by going private-pay.

VA records and VBA disability access: when treatment records become evidence

The Veterans Benefits Administration adjudicates disability compensation claims for mental health conditions including PTSD, depression, anxiety disorders, and MST-related conditions. The VBA uses VA treatment records as evidence for rating decisions — determining the level of service-connected disability, which drives monthly compensation amounts.

When a veteran files a disability claim and signs VA Form 21-4142 (Authorization and Consent to Release Information to the Department of Veterans Affairs), they authorize the VA to request records from non-VA providers. The form is standard in the claims process and is often signed without careful review of its scope. A veteran who is seeing a community-care therapist for PTSD treatment while simultaneously pursuing a disability claim for that condition may be signing an authorization that effectively directs the VBA to their therapist's records.

The VBA uses treatment records to assess the frequency and severity of symptoms, the level of occupational and social impairment, and the consistency of the clinical history with the claimed disability. Clinical documentation that the therapist wrote for treatment purposes — progress notes that capture the veteran's worst weeks, the symptom exacerbations, the crisis presentations — becomes disability evidence read by rating specialists who may apply it differently than the treating therapist intended.

This is not a problem the therapist can solve by being more careful with note content. It is a structural feature of the VA disability system. What a cloud AI scribe adds is a second archive — session audio and verbatim transcript held independently by the vendor — that is subject to the same VBA access pathways and additionally to civil subpoena, TRICARE audit, and ordinary breach risk. The veteran's candid session disclosures, intended for a confidential therapeutic relationship, exist in an additional location the veteran and therapist may not have considered.

DoD chain-of-command fears and community-care disclosure

Active-duty service members and recently separated veterans carry a fear of chain-of-command access to mental health records that has been consistently documented in military mental health research. The fear is not irrational — it has a basis in real policy and real career consequences experienced by fellow service members.

Under DoD Instruction 6490.08, mental health providers working at military treatment facilities have mandatory reporting obligations when a service member's mental health condition directly affects fitness for duty, poses a safety risk, or has security clearance implications. These reporting pathways apply to MTF providers. They do not apply in the same way to civilian community-care therapists operating under HIPAA. However, service members who seek community care through TRICARE often do not know this distinction. They carry the fear regardless of setting — and that fear shapes what they say in session.

A veteran (as opposed to active-duty member) no longer faces the command access risk directly. But the pattern of selective disclosure, established during service, often persists. Veterans seeing community-care therapists may minimize symptoms, omit the most sensitive experiences, or test the therapeutic relationship before disclosing the material that is clinically most important. When they do begin to disclose — combat events involving difficult decisions, MST experiences, substance use history, suicidal periods they managed alone — the session content is among the most sensitive material in mental health practice.

National Guard and Reserve members who have been activated face an intermediate situation. Outside federal activation, their community-care therapy is governed by civilian HIPAA rules. During activation, they may be treated at MTFs where different reporting structures apply. The transition between these environments is rarely clean, and Guard/Reserve members may not know which rules applied at any given point in their treatment history.

For community-care therapists, the practical implication is that veteran clients often take many sessions to disclose the content most relevant to their treatment — and that when they do, the session captures clinically important information they have not told anyone else. Cloud AI scribes capture and hold all of it, independent of the therapist's chart.

Military Sexual Trauma: documentation in community care settings

Military Sexual Trauma (MST) is a VA designation for sexual assault or sexual harassment experienced during military service. The VA provides free mental health treatment for MST-related conditions to all veterans who served — no copay, no disability rating required, no formal MST determination needed before beginning care. A veteran self-identifies to a VA MST coordinator and is referred to treatment.

The numbers are significant. Roughly 25% of women who use VA health care report MST. Among men — who constitute the majority of the veteran population — approximately 1% report MST, which represents a large absolute number. MST is associated with elevated rates of PTSD, depression, substance use disorders, and suicidality. It is one of the most common presenting concerns in both VA and community-care settings for veterans.

Many MST survivors receive community care rather than VA mental health treatment. They may choose this because their regional VAMC has a wait list for MST-specialized services, because they prefer the privacy of a non-VA setting, because a trusted private-practice therapist already sees them, or because they do not want MST-related treatment documentation in their VA record where it could be accessed by VBA adjudicators during a disability proceeding.

When an MST survivor discloses their trauma in a community-care therapy session, the clinical content includes material with no civilian equivalent in its sensitivity or potential consequence:

• Perpetrator identification: Names, ranks, and unit affiliations of the individuals who committed the assault or harassment — people who may still be serving, who may have career interests in preventing disclosure, or whose families have connections to military or government systems.
• Incident specifics: Dates, locations, and circumstances of assault that correspond to documented military assignments. This information, in combination with service records, can identify specific incidents with precision.
• Reporting history: What the survivor reported or did not report, to whom, and what the response was — including descriptions of chain-of-command discouragements, threats, or retaliation that are relevant to military justice proceedings.
• Medical and behavioral sequelae: Specific symptoms, self-medication history, periods of suicidality, and the impact on the survivor's career and relationships since the assault.

When a cloud AI scribe processes a session in which an MST survivor discloses this content, the vendor holds independent business records containing all of it. The vendor's archive is subpoenable in civil litigation, potentially accessible in administrative proceedings, and subject to breach risk from the vendor's security environment. The survivor's decision to seek community care for precisely the reason that they wanted this material to stay outside institutional systems is operationally undermined.

What cloud AI scribes capture from veteran sessions

Understanding the specific content a cloud AI scribe captures during a veteran's PTSD or MST session clarifies the exposure profile beyond the general disclosure risk that applies to any therapy client.

A veteran PTSD session conducted with a cloud-based scribe running places the following in the vendor's archive:

• Combat narrative verbatim: Specific engagements, locations (often named), orders followed or not followed, deaths witnessed or caused, moral injury content. This material is clinically necessary for PTSD treatment and operationally explosive if disclosed outside the clinical relationship.
• VA disability claim context: Many veterans in community-care treatment are concurrently pursuing disability claims. Session discussions may include what rating the veteran is seeking, what they have told C&P (compensation and pension) examiners, and how their functional presentation compares to their self-reported symptoms. This material is particularly sensitive because it exists at the intersection of treatment and administrative advocacy.
• Symptom severity as disability evidence: PTSD symptoms described in session — frequency of nightmares, avoidance behaviors, startle response, emotional numbing, irritability, concentration difficulty — map directly to the Global Assessment of Functioning (GAF) and the VA's own rating criteria. Verbatim symptom descriptions in the vendor's archive are potentially useful to VBA adjudicators evaluating the severity of service connection.
• Substance use history: Self-medication with alcohol or other substances is common in veterans with untreated or undertreated PTSD. Session disclosures about substance use — which the veteran may report freely in a therapeutic relationship they believe is confidential — can have implications for VA disability ratings (substance use secondary to service-connected PTSD can itself be service-connected) and for other purposes the veteran did not intend.
• Suicidal ideation and crisis content: The veteran suicide rate is approximately twice the age-adjusted civilian rate. Crisis disclosures, safety planning sessions, and suicidal ideation assessments are common in this population. The content of these sessions — means access, prior attempts, intent, plan — is held in the vendor's archive as independently available business records.

For veterans who sought community-care therapy specifically to keep their session content away from VA and DoD systems, the discovery that a cloud AI scribe vendor independently holds this material would be a significant breach of the confidentiality they believed they had arranged.

TRICARE billing and the administrative records trail

Community-care therapists who bill TRICARE submit claims that create records in TRICARE's administrative systems. The claims data includes the provider's NPI, the veteran's beneficiary ID, diagnosis codes, service dates, and the billed procedure codes. This information is visible to TRICARE's managed care support contractors and subject to TRICARE audit and utilization review.

Session notes are not typically transmitted in the claims submission. But TRICARE audits can request supporting documentation, and utilization review can require that the provider supply clinical records to justify continued authorization for treatment. The diagnosis codes in the claims record independently reveal the existence of mental health treatment, the diagnostic categories being treated, and the treatment intensity — without the note itself being produced.

For telehealth delivery — which is common for veterans in rural areas and for Guard/Reserve members who lack a nearby in-network provider — multi-state licensure and TRICARE telehealth billing create additional administrative records across state lines. Veterans who see community-care therapists via telehealth may not fully appreciate that the claims record documents each session with date, time, and billing amount, creating a longitudinal record of treatment in TRICARE's systems independent of the therapist's chart.

The cloud AI scribe vendor's archive adds a third locus of records — separate from the therapist's chart and separate from TRICARE's claims system — containing the most complete version of the session content: verbatim audio and transcript, not just billing codes.

On-device processing: single-custodian solution

When audio, transcript, and note content are processed entirely on the therapist's Mac — never transmitted to a cloud vendor — there is no independent vendor archive. The vendor cannot be subpoenaed for session content it never received. TRICARE auditors seeking records beyond the therapist's own documentation have no independent vendor to approach. VBA disability adjudicators collecting non-VA treatment records face only the therapist's chart, accessible with appropriate authorization under normal HIPAA rules.

For community-care therapists treating veterans with PTSD, MST histories, TBI-related psychological conditions, or complex military-adjacent trauma, on-device processing means that the session content — including combat narratives, MST disclosures, substance use history, and crisis documentation — exists only in the custody of the treating clinician. The therapist can respond to any legal or administrative request for records by applying standard HIPAA protections, asserting applicable privileges, and making clinical-legal judgment calls about what to produce. None of those protections extend to a cloud vendor's independently-held archive, because that archive does not exist.

Veterans who choose community care specifically to keep their session content outside VA and DoD systems are exercising a reasonable privacy preference. When the therapist uses an on-device AI scribe, that preference is architecturally honored. A business associate agreement with a cloud vendor is a contractual privacy assurance. It does not prevent the vendor from holding the records, does not prevent the records from being subpoenaed, and does not eliminate the vendor's independent breach surface. On-device processing eliminates the vendor's records custody entirely.

For therapists whose community-care practice includes a meaningful proportion of veterans — particularly those treating MST survivors, veterans with complex combat trauma, or veterans concurrently pursuing disability claims — the choice of AI scribe is not a marginal feature decision. It determines whether the session content exists in one custody location or two, and whether the therapist's application of HIPAA protections applies to all of the records or only to a subset.