Is Your Therapist Recording Your Sessions with AI? What Patients Need to Know
If you’re in therapy, you probably assume that what you say stays between you and your therapist. But a growing number of mental health professionals are bringing a third party into the room: artificial intelligence. According to a November 2025 Forbes report, therapists are now using generative AI tools during live sessions to transcribe conversations, generate clinical notes, and even analyze patient speech patterns. The catch? Many patients are never told it’s happening.
This raises a serious question for anyone in or considering therapy: What exactly happens to that data, and what can you do to protect it?
What Happened: How AI Is Showing Up in Therapy
The use of AI in therapy sessions is not a fringe trend. Tools like Otter.ai, Heidi, and other AI-powered note-takers are being marketed directly to clinicians as a way to reduce paperwork and improve session documentation. The workflow is simple: the therapist records the conversation (usually with a smartphone or laptop microphone), the audio is uploaded to a cloud server, and the AI generates a transcript and summary notes. Some tools go further, analyzing tone, speaking pace, or emotional keywords.
The data collected can include:
- Full audio recordings of sessions
- Written transcripts
- Metadata such as session date, duration, and possibly the therapist’s notes
- For some tools, biometric or emotional analysis derived from voice
This data is typically processed on third-party servers. While many AI vendors claim compliance with HIPAA (the U.S. health privacy law), not all of them are, and the burden of verifying compliance falls on the therapist. A 2025 NPR article also noted that patients themselves are increasingly running personal health information, including therapy-related content, through chatbots like ChatGPT — adding another layer of data exposure.
Why It Matters: The Privacy Risks
The most immediate risk is a data breach. Therapy sessions can contain some of the most sensitive information about a person — mental health diagnoses, trauma histories, relationship conflicts, and personal secrets. If that data is stored on cloud servers, it becomes a target for hackers. In 2023, a breach at a mental health platform exposed the private notes of millions of users.
Even without a breach, there are subtler risks. Some AI tools claim to de-identify data, but re-identification is often possible, especially with voice recordings and detailed transcripts. There have been cases where therapy data was used to train AI models without patient consent. Additionally, insurers or employers could potentially gain access to de-identified data and use it to make coverage or hiring decisions.
Finally, there is the risk of data persistence. Once a recording is processed, it may be stored indefinitely. Even if you later decide you don’t want it there, requesting deletion can be difficult, especially if the data has already been fed into a model.
What Readers Can Do: Practical Steps to Protect Your Privacy
You are entitled to know what happens to your session data. In most places, therapists are required to obtain informed consent before recording any session, but this requirement is not always followed or understood when it comes to AI tools. Here are specific steps you can take.
Ask direct questions early. Before your next session — or when choosing a new therapist — ask:
- “Do you use any AI tools to record, transcribe, or analyze our sessions?”
- “If so, which tool, and is it HIPAA-compliant?”
- “How is my data stored, and who has access to it?”
- “How long is the data kept, and can I request its deletion?”
Request no recording. You have the right to decline any form of recording. If your therapist insists that AI note-taking is standard practice, ask whether they can take notes manually instead. If they cannot accommodate that, consider whether that therapist is the right fit.
Review your consent forms. Therapists should have a written consent document that explains data practices. Read it carefully. If it mentions recording, AI, or third-party services, ask for clarification before signing.
Consider a written agreement. If you are comfortable with limited recording, you can ask for a written agreement that specifies exactly how the data will be used, who can access it, and what happens if you later withdraw consent.
Check for deletion options. After a session where you suspect AI was used, follow up with a written request to confirm whether any recording or transcript exists and to request its deletion. Keep a copy of that communication.
Be cautious about sharing details outside sessions. The NPR report highlighted that some people are running therapy insights through ChatGPT or other consumer AI tools. Even if you trust your therapist, the data you put into a public chatbot is far less protected.
Sources
- Forbes, “Mental Health Therapists Are Surprisingly Making Use Of Generative AI During Actual Client Therapy Sessions,” November 2025.
- All About Cookies, “Your Therapist May Be Using AI to Record Your Sessions. Here’s What Happens to That Data,” May 2026.
- NPR, “Running your lab results by ChatGPT? Here’s what to keep in mind,” September 2025.
The decision to use AI in therapy is still new, and the regulations around it are not fully settled. The benefits — reduced paperwork, better recall for clinicians — are real, but they should not come at the cost of patient trust. Asking questions is not an accusation; it is a reasonable step toward making sure the technology serves you, not the other way around.