A managed, on-prem AI system for therapy groups, counseling centers, and mental-health practices. Session-note drafts with strict review, intake summaries, and admin follow-up — on hardware your practice controls. Designed around HIPAA, state mental-health rules, and the privacy expectations your clients walk in with.
Therapy notes carry a higher privacy bar than typical PHI. Many states give psychotherapy notes extra protection. Cloud chatbots aren't a fit for any of that.
Three frictions our therapy clients walk in with:
Under HIPAA, psychotherapy notes get heightened protection — separate authorization in many cases, narrower disclosure, often kept apart from the rest of the chart. Public-cloud AI workflows don't recognize that distinction.
Many states layer additional protections on mental-health records. A national consumer chatbot can't track state boundaries. A managed appliance can be configured per office and per state if your group spans multiple jurisdictions.
Trust matters here more than in most other regulated work. "On hardware in our locked closet" is a legitimately better answer than "we use a third-party vendor that signed a BAA." Both can be defensible; one earns more trust.
Documentation reduction with strict review. Clinical judgment, treatment planning, and assessment stay with the clinician.
Recorded sessions or clinician audio dictation → structured note drafts. Mandatory clinician review and edit before anything lands in the chart. The system never auto-finalizes a note.
Intake forms and prior records → a structured summary delivered to the clinician before first contact. Saves the front-loaded admin minutes that get in the way of the actual session.
Auto-populate standard sections of a treatment plan from intake and recent session notes — for clinician edit and signoff. The system generates structure; the clinician owns the substance.
Recall lists, post-session follow-up, billing-coordination drafts, and patient-instruction language. Front-desk acceleration with mandatory signoff before patient communication.
Defaults matter more here than anywhere else. Sensitive notes are local-by-default, with cloud disabled for note-touching workflows unless your policy explicitly allows it for narrow tasks.
Session notes, treatment plans, assessment results, and crisis-related documentation are configured to never leave the appliance. There's no "oops" path.
Multi-office groups get partitioned indexes, partitioned access, and per-state policy overlays. Your Massachusetts office and your Connecticut office can carry different retention rules.
The Security Rule expects access logs. Therapy practices need them tighter — scoped to the clinician treating the client, with breach-response workflow ready for state-specific notification timelines.
The system never finalizes a note, treatment plan, or client communication on its own. Every output is a draft with a mandatory review gate before it counts.
Wilcoe Private AI is designed around your HIPAA + state obligations. Final compliance signoff is practice-specific and remains with your privacy officer or compliance counsel.
A representative starting point. Right-sized in the Readiness Sprint and quoted firm-specifically.
| Element | Therapy group, multi-office (20–50 clinicians) |
|---|---|
| Hardware | 2× Mac Studio M4 Max or 1× M3 Ultra + local backup. Central rack. Site VPN or private links between offices. Per-office partitions. |
| Models | Local models for all note workflows. Cloud disabled for notes by default. Allowed only on explicitly approved non-note tasks (e.g., generic admin drafting) under written policy. |
| Knowledge layer | Local vector DB. Per-clinician + per-client partitioning. Per-office policy overlays. Conservative sync rules between offices. |
| Controls | HIPAA + state-specific controls. Access by role, site, and clinician. Breach-response playbook scoped to state notification rules. Encrypted backup. Minimum-necessary access. |
| Cloud fallback | Disabled for notes by default. Allowed only with explicit written policy and signed BAA for narrow non-note tasks. |
One workflow live in a single office, with clinician signoff and a state-specific breach-response plan ready.
Inventory note flows. Map the first workflow. Coordinate with privacy officer + state-specific compliance counsel.
Right-sized appliance. Written policies covering note retention, access, and state-specific breach response.
Network segmentation, MFA, role + site + clinician-scoped access, encrypted backup, audit logging.
Per-office indexing. The first vertical copilot, with strict clinician-review gates.
Clinician + admin training. Audit log review. Decide what to add next.
No. Drafts are explicitly marked as drafts and aren't part of the chart until a clinician edits, finalizes, and signs. The audit log captures the review and signoff for each note.
Psychotherapy notes get extra protection under HIPAA — separate authorization, narrower disclosure rules, often kept apart from the rest of the chart. The appliance respects those boundaries: separate partition, separate access controls, separate retention.
Per-office partitioning supports per-state policy overlays. Massachusetts retention rules, Connecticut breach-notification timelines, and California-specific mental-health protections can all be configured per office.
By default, yes — for documentation and follow-up. We do NOT use the system for any kind of clinical decision-support around crisis. The clinician's response stays the clinician's response; the system documents it.
Code-suggestion can run on the appliance with mandatory clinician review before submission. We don't auto-bill anything. The clinician owns coding decisions.
The Readiness Sprint scopes the pilot in two weeks. Most practices launch live inside 90 days from sprint kickoff.
Sized in the Readiness Sprint. Pilots vary several-fold across practice shapes, especially across multi-office groups.
Book a 30-minute Readiness Call. We'll walk through your highest-leverage workflow, the privacy frame for your practice and state, and what a 90-day pilot would look like.