
On-Device PHI Redaction: How It Works and Why It Matters

9 min read · January 12, 2026

When therapists evaluate AI documentation tools, privacy is — rightly — the first concern. Your patients share their most vulnerable thoughts and experiences in session. Any technology that touches that content must meet the highest privacy standards.

On-device PHI redaction is the strongest privacy architecture available for AI-assisted documentation. This article explains exactly how it works, why it's superior to cloud-based alternatives, and what to look for when evaluating platforms.

What Is PHI?

Protected Health Information (PHI) is any information that can identify an individual in a healthcare context. Under HIPAA, there are 18 specific identifiers (the list below combines telephone with fax numbers and web URLs with IP addresses):

  • Names
  • Dates (birth, admission, discharge, death)
  • Telephone and fax numbers
  • Email addresses
  • Social Security numbers
  • Medical record numbers
  • Health plan beneficiary numbers
  • Account numbers
  • Certificate/license numbers
  • Vehicle identifiers and serial numbers
  • Device identifiers
  • Web URLs and IP addresses
  • Biometric identifiers (fingerprints, voiceprints)
  • Full-face photos
  • Geographic data smaller than a state
  • Any other unique identifying number or code

In a therapy session, PHI appears constantly. Patients mention their name, their family members' names, their workplace, their address, dates of significant events, and countless other identifying details.

The Problem with Cloud-Based Processing

Most AI documentation tools work like this: they record your session, upload the raw audio to a cloud server, transcribe it there, and then generate notes. The PHI redaction — if it happens at all — occurs after the data has already traveled across the internet and been processed on servers you don't control.

This creates several risk points:

  • Data in transit: Raw audio containing PHI travels over the internet, even if encrypted.
  • Data at rest: The cloud server stores raw audio and transcripts containing PHI, even temporarily.
  • Third-party access: Cloud providers, subprocessors, and their employees may have theoretical access to the data.
  • Breach exposure: If the cloud service is breached, raw PHI is exposed.

Even with a Business Associate Agreement (BAA), encryption at rest, and encryption in transit, the fundamental problem remains: your patients' most sensitive information exists in identifiable form on infrastructure you don't control.

How On-Device PHI Redaction Works

On-device PHI redaction flips this model. Here's the technical flow:

Step 1: On-Device Transcription

The speech recognition model runs directly on your phone, tablet, or computer. Audio is converted to text without ever leaving the device. Modern on-device speech models — running on hardware neural engines in recent phones and tablets — can transcribe with accuracy comparable to cloud-based systems.

Step 2: Named Entity Recognition (NER)

A specialized NER model, also running on-device, scans the transcript and identifies PHI entities: names, dates, locations, phone numbers, and other HIPAA identifiers. This model is trained specifically on clinical conversation patterns, so it recognizes PHI even when spoken informally ("I was talking to my sister Jen about it" — "Jen" is flagged as a name).

Step 3: Token Replacement

Each identified PHI entity is replaced with a category token. "Jen" becomes [FAMILY_MEMBER]. "123 Oak Street" becomes [ADDRESS]. "March 15th, 1987" becomes [DATE]. The original values are stored only in a secure local vault on the device, never transmitted.

Step 4: De-Identified Transmission

The de-identified transcript — containing only clinical content and category tokens — is transmitted to the AI note generation service. The language model generates a clinical note from this de-identified content.

Step 5: Local Re-Identification

When the generated note returns to your device, the tokens are replaced with the original values from the local vault. The final note reads naturally ("Patient discussed conflict with sister Jen") but the AI service only ever saw "[FAMILY_MEMBER]."
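Steps 3 to 5 as a runnable sketch. This is an added example, not Mediyn's code or part of the original article. It assumes the NER model returns non-overlapping spans (`find_spans` is a stand-in for it) and numbers the tokens, e.g. `[FAMILY_MEMBER_1]`, so that two different people in the same category can be restored correctly; all function names are hypothetical.

```python
import re

# Constructed sample transcript (not real session data).
TRANSCRIPT = ("I was talking to my sister Jen about it. Jen thinks I should "
              "call my brother Mark before March 15th.")
TOKEN_RE = re.compile(r"\[[A-Z_]+_\d+\]")

def find_spans(text, values):
    """Stand-in for the NER model: (start, end, category) for known values."""
    spans = [(m.start(), m.end(), cat) for value, cat in values
             for m in re.finditer(re.escape(value), text)]
    return sorted(spans)

def redact(text, spans):
    """Step 3: swap each span for a numbered category token; build the vault."""
    vault, by_value, counters, out, pos = {}, {}, {}, [], 0
    for start, end, category in spans:
        value = text[start:end]
        if (category, value) not in by_value:   # repeated value, same token
            counters[category] = counters.get(category, 0) + 1
            token = f"[{category}_{counters[category]}]"
            by_value[(category, value)] = token
            vault[token] = value                # vault never leaves the device
        out += [text[pos:start], by_value[(category, value)]]
        pos = end
    return "".join(out) + text[pos:], vault

def leaked_values(outgoing, vault):
    """Step 4 gate: vault values still readable in the text about to be sent.
    Substring matching can over-report short values; that errs toward blocking."""
    low = outgoing.lower()
    return [v for v in vault.values() if v.lower() in low]

def reidentify(note, vault):
    """Step 5: restore values; report tokens the vault does not know."""
    unknown = []
    def swap(match):
        token = match.group(0)
        if token not in vault:
            unknown.append(token)
        return vault.get(token, token)
    return TOKEN_RE.sub(swap, note), unknown

if __name__ == "__main__":
    values = [("Jen", "FAMILY_MEMBER"), ("Mark", "FAMILY_MEMBER"),
              ("March 15th", "DATE")]
    outgoing, vault = redact(TRANSCRIPT, find_spans(TRANSCRIPT, values))
    assert leaked_values(outgoing, vault) == []   # safe to transmit
    print(outgoing)
```

The gate only knows values already in the vault: it catches an entity the NER tagged once and missed elsewhere, but not one it missed everywhere. Tokens reported as unknown by `reidentify` were not issued on this device and should be reviewed rather than silently dropped.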

Why This Architecture Is Superior

The security advantage is straightforward: data that never leaves your device cannot be intercepted, stored, or breached on a remote server.

Consider the difference in breach scenarios:

  • Cloud-based breach: Attackers access raw session transcripts with full PHI for potentially thousands of patients.
  • On-device architecture breach (server side): Attackers access de-identified transcripts. They see clinical content but cannot tie it to any individual patient. The data is essentially useless for identity theft or targeted harm.

This is the principle of data minimization — a core tenet of privacy-by-design — applied rigorously. The server only ever has the minimum data necessary to generate the note, and that data cannot identify anyone.

What About Accuracy?

A common concern is whether on-device models are accurate enough. The answer in 2026 is yes. Apple's Neural Engine, Qualcomm's AI Engine, and dedicated NPUs in modern devices can run models with billions of parameters at real-time speed. On-device speech recognition accuracy now matches or exceeds most cloud offerings for conversational English.

NER accuracy for PHI detection typically exceeds 98% in clinical conversation contexts. The small number of missed entities tends to be unusual identifiers (e.g., a highly unusual name that looks like a common word) — and your review step catches these.

Questions to Ask Vendors

When evaluating any AI documentation platform, ask these specific questions:

  • Where does transcription occur — on-device or in the cloud?
  • At what point is PHI redacted — before or after data leaves the device?
  • What model is used for PHI detection, and what is its accuracy rate?
  • Is raw audio ever transmitted or stored on remote servers?
  • Can you provide a data flow diagram showing exactly where PHI exists at each stage?

If a vendor can't answer these questions clearly, that tells you something important about their privacy architecture.

The Standard for 2026 and Beyond

On-device PHI redaction isn't just a nice-to-have; it's becoming the expected standard for any AI tool that touches therapy session content. As state privacy laws tighten and patients become more informed about data practices, the therapy practices that adopt privacy-first architectures now will be best positioned for the future.

See how Mediyn implements on-device PHI redaction in its AI documentation workflow.
