Summary: PsychAssistAI is a HIPAA-certified platform built exclusively for mental health professionals. We never store Protected Health Information (PHI) on local devices, never use patient data to train AI models, and require signed Business Associate Agreements with both AWS and Zoom. Your patients' data is yours โ completely.
PsychAssistAI, LLC ("PsychAssistAI," "we," "us," or "our") is a healthcare technology company that provides AI-powered clinical documentation and compliance tools exclusively for mental health professionals. Our platform is accessible at psychassistai.com.
This Privacy Policy explains how we collect, use, store, protect, and share information when you use our platform. By using PsychAssistAI, you agree to the practices described in this policy.
If you are a covered entity under HIPAA and use our platform to process Protected Health Information, a separate Business Associate Agreement (BAA) governs the handling of PHI and supplements this Privacy Policy.
We collect two categories of information:
Account & Practice Information
Clinical Data (PHI โ Handled Under BAA)
Usage & Technical Information
We do not sell your information to third parties. We do not use your clinical data for advertising purposes. We do not use PHI for any purpose not authorized by your BAA.
PsychAssistAI is a Business Associate under HIPAA. We process Protected Health Information on behalf of covered entities (licensed mental health professionals) under the terms of our Business Associate Agreement.
Our HIPAA obligations include: implementing appropriate administrative, physical, and technical safeguards; reporting breaches of unsecured PHI within the timeframes required by the HIPAA Breach Notification Rule; ensuring our subcontractors who access PHI sign appropriate BAAs; and using and disclosing PHI only as permitted by our BAA and applicable law.
All PHI processed through PsychAssistAI is subject to HIPAA's Privacy Rule, Security Rule, and Breach Notification Rule. If you believe there has been a breach of your patients' PHI, contact us immediately at (571) 214-6228 or support@psychassistai.com.
No Protected Health Information is ever downloaded to or stored on any local device โ including laptops, phones, tablets, or desktop computers.
All session recordings, transcripts, and generated clinical notes are stored exclusively on HIPAA-eligible AWS infrastructure. When you review and approve a note on our platform, that note is transmitted directly to your EHR system โ it does not pass through your local device's storage.
This design is intentional and non-negotiable. Local devices are the most common source of HIPAA breaches โ through loss, theft, and accidental sharing. By eliminating local PHI storage entirely, we eliminate that risk category for your practice.
PsychAssistAI integrates with Zoom Business via OAuth. When you connect your Zoom account, we request access only to retrieve completed cloud recordings from your Zoom cloud storage. We do not access your Zoom contacts, messages, or calendar.
Important: A Zoom Business plan (or higher) with cloud recording enabled, HIPAA mode active, and a signed Zoom BAA is required to use PsychAssistAI. Local recording must be disabled. Using local recording with patient sessions is a HIPAA violation risk โ local devices do not provide the security controls required by HIPAA.
Session recordings are retrieved from your Zoom cloud storage, processed on AWS infrastructure to generate transcripts and clinical notes, and then the raw recording file is deleted from our processing queue. Long-term storage of recordings is governed by your BAA and applicable state mental health record retention laws.
All PsychAssistAI customers who use the platform to process PHI must sign our Business Associate Agreement before accessing clinical features. The BAA is presented and executed during onboarding.
PsychAssistAI maintains BAAs with our key infrastructure providers:
We will not process PHI on behalf of any customer who has not executed a valid BAA with PsychAssistAI.
We share information only in the following circumstances:
We do not sell, rent, or trade your personal information or PHI to any third party for marketing or commercial purposes.
Your patient session data is never used to train any AI model โ ours or anyone else's.
PsychAssistAI uses Claude, an AI model provided by Anthropic via Amazon Bedrock, to generate clinical notes from session transcripts. When we send data to Claude for processing:
The AI generates a draft clinical note which is then presented exclusively to the authorized clinician for review, editing, and approval. AI-generated content is a tool to assist clinicians โ the clinician is always the final authority on every note.
We retain data in accordance with HIPAA requirements and applicable state mental health record retention laws. As a general framework:
Upon termination of your account, we will provide you with a data export upon request and will delete or de-identify your data in accordance with our BAA and applicable law.
Depending on your location and applicable law, you may have the following rights regarding your personal information:
For PHI: Patient rights under HIPAA (including the right to access, amend, and receive an accounting of disclosures of their PHI) must be exercised through the covered entity (your practice), not through PsychAssistAI directly. As a Business Associate, we will cooperate with you to facilitate patient rights requests.
To exercise any of the above rights, contact us at (571) 214-6228 or support@psychassistai.com.
Our marketing website (psychassistai.com) uses cookies and similar technologies to:
The clinical application does not use third-party advertising cookies or tracking pixels. No PHI is ever processed through any tracking or analytics system.
You may disable cookies through your browser settings. Disabling certain cookies may affect the functionality of our platform.
PsychAssistAI is designed for use by licensed mental health professionals. Our platform is not directed to children under the age of 18 and we do not knowingly collect personal information from children under 18 as direct users of the platform.
If your practice provides services to minor patients, the processing of their PHI through our platform is subject to our BAA and HIPAA. Additional state-specific requirements for minor mental health records may apply and are your responsibility as the covered entity.
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email at the address associated with your account and by posting a notice on our platform at least 30 days before the changes take effect.
Your continued use of PsychAssistAI after the effective date of any updated Privacy Policy constitutes your acceptance of the changes. If you do not agree to the updated policy, you must discontinue use of the platform before the effective date.
If you have questions about this Privacy Policy, want to exercise your rights, or need to report a potential HIPAA breach, please contact us:
PsychAssistAI, LLC
Privacy & Compliance Officer
๐ (571) 214-6228
๐ง support@psychassistai.com
๐ psychassistai.com
For HIPAA breach reports, please call our direct line immediately. We have a 60-day notification obligation under the HIPAA Breach Notification Rule and take all potential breaches extremely seriously.