Key takeaways
- That you use AI-assisted documentation
- The name of the vendor (and that you will notify if it changes)
- That audio is captured, transcribed, processed by AI, then deleted
- That the clinician reviews and signs every note
Capture mechanics — pick one that fits your platform
| Method | How it works | Best for | Watch out for |
|---|---|---|---|
| Browser extension | Captures the browser tab's audio output during the call | Zoom-web, Google Meet, Doxy, SimplePractice telehealth | Doesn't capture if you use the Zoom *desktop app* |
| Desktop app | Captures system audio via a virtual audio device | Any platform incl. Zoom desktop, FaceTime, phone-bridged sessions | More setup; macOS Sonoma+ permission prompts |
| Mobile app | On-device microphone in office, or screen-record on phone telehealth | In-person, phone sessions | Battery; backgrounding kills capture on iOS unless configured |
| Native platform integration | Vendor-built integration into your telehealth platform | Rare; check vendor's integration page | Read the data-flow doc carefully — some send audio twice |
If you alternate between Zoom desktop and SimplePractice telehealth, pick a tool with both browser extension *and* desktop app (Upheal, Mentalyc).
Consent — the bit most practices get wrong
Written consent at intake Add a section to your written agreement covering:
- That you use AI-assisted documentation
- The name of the vendor (and that you will notify if it changes)
- That audio is captured, transcribed, processed by AI, then deleted
- That the clinician reviews and signs every note
- The client's right to opt out without prejudice to care
- For US: that the session is being recorded for documentation purposes
Verbal consent at session start For the first ~3 sessions with any client, get explicit verbal consent at the start of the recorded portion: *"As we discussed at intake, I'm using an AI tool to help me draft notes. It captures audio during the session, I review and sign the note afterwards, and the audio is deleted. Are you still comfortable with that today?"* After 3 sessions, periodic re-confirmation (quarterly) is good practice.
Two-party consent jurisdictions (US) California, Florida, Illinois, Maryland, Massachusetts, Montana, New Hampshire, Pennsylvania and Washington require all-party consent for recordings. Your written + verbal consent process covers this; the legal exposure is failing to capture either.
EU / UK Under GDPR / UK GDPR, explicit consent is your Article 9 lawful condition (see UK guide). Treat the audio as special-category data from the moment it is captured.
Compliance checklist for telehealth + AI scribe - [ ] BAA (US) or DPA (EU/UK) signed and stored - [ ] Encrypted audio in transit (TLS 1.2+) and at rest (AES-256) - [ ] No training on customer data — explicit clause - [ ] Audio retention policy understood (ideally deleted within 24h of note generation) - [ ] Subprocessors list reviewed and acceptable - [ ] Audit log of session access available on request - [ ] Telehealth platform's TOS allow third-party recording (most do; Doxy and SimplePractice explicitly permit it with consent) - [ ] Consent language in intake paperwork and verbal-confirmation script ready
Practical setup notes - Audio quality matters more on telehealth than in-person. Ask clients to use earbuds; bad acoustic feedback is the #1 cause of transcription errors that become note inaccuracies. - Disable cross-talk suppression in Zoom's advanced audio if you do couples or family on telehealth — it strips overlapping speech, which is the data you most need. - Test before going live. Run a fake session with a colleague on each platform you use.
When *not* to use ambient capture on telehealth - Clients with active paranoia, especially around recording or surveillance - Court-mandated clients where the recorded audio (even if deleted) creates discovery concerns the client doesn't want - Forensic evaluations - First session with a client whose consent capacity is unclear
In these cases, fall back to dictation-after or manual notes for now. You can revisit later.