If you’re a therapist in private practice looking for an AI email assistant, the decision isn’t “which tool?” — it’s “what goes in which channel?” Client PHI (appointment content, clinical discussion, treatment records) belongs in your practice-management system’s secure portal, with a signed Business Associate Agreement covering any vendor that can see that data. Everything else — referral coordination, CEU scheduling, insurance admin, colleague consultation, vendor emails — flows through your general inbox, and that’s where alfred_ ($24.99/month) fits.
This post makes two claims upfront:
- alfred_ is safe for the non-PHI 60-70% of your practice inbox, with OAuth 2.0, AES-256 encryption, and no training on user data.
- alfred_ is not a HIPAA-compliant solution for client PHI — standard individual subscriptions don’t include a BAA. Don’t route PHI through it.
The correct architecture is channel separation, not trying to make one tool do both.
40-80 emails/day
Typical inbound volume for a private-practice therapist, mixing practice operations with some client-adjacent admin
Practice-management system usage data, 202460-70%
of typical therapist inbox that's clearly non-PHI operations: referrals, CEUs, EAP/insurance admin, colleague consultation, billing from third parties, vendor correspondence
Workflow analysis of solo practices~$70K
Average annual revenue for a solo private-practice therapist at full caseload. Lost CEU deadlines and missed insurance panel renewals are measurable revenue risk
APA Center for Workforce StudiesThe Channel-Separation Framework
The test: does the email content mention a specific client or contain client-identifying information? If yes → secure portal with BAA. If no → general inbox where alfred_ adds value.
| Email type | Safe tool | Why |
|---|---|---|
| Appointment scheduling/confirmation with clients | Practice-management system (SimplePractice, TherapyNotes, TheraNest) | Client-specific = PHI; needs BAA-covered secure messaging |
| Clinical content (symptoms, diagnosis, treatment) | Same — practice-management secure messaging only | HIPAA requires BAA for any system that sees this |
| Test results, assessment exchanges | Same — secure portal with BAA-covered vendor | PHI under HIPAA |
| Referral coordination (from schools, physicians, EAPs) | alfred_ or your general inbox | Non-client-specific until you add client info |
| Insurance panel applications, renewals, credentialing | alfred_ or your general inbox | Administrative, not client-specific |
| CEU registration, CE provider emails | alfred_ or your general inbox | No PHI |
| Colleague consultation (general, not case-specific) | alfred_ or your general inbox | No PHI if truly general |
| Colleague case consultation with client-identifying info | Practice-management secure messaging | PHI — needs BAA |
| Professional association, journal notifications | alfred_ or your general inbox | No PHI |
| Vendor/supplier communication for practice tools | alfred_ or your general inbox | No PHI |
What alfred_ Actually Does for a Therapist Practice
For the non-PHI 60-70% of your inbox:
- Daily Brief each morning: 40-80 emails compressed to a 5-10 minute read; drafts ready for referral acknowledgments, insurance responses, CEU confirmations
- Commitment tracking: CEU deadlines, insurance panel renewal windows, supervision scheduling — all the stuff that slips between sessions
- Drafted responses: routine replies to referral sources, EAP administrators, insurance billing questions
- Calendar integration: cross-checks conflicts between CEU events, supervision, and your clinical schedule
- Search and surface: emails from 6 months ago you vaguely remember (an insurance panel rep, a referral source) findable by natural query
Typical time reclaim for a full-caseload solo practice: 30-45 minutes/day — less than for a CEO but qualitatively different. The value is less about volume and more about nothing slipping: the CEU deadline you’d have missed, the insurance renewal window you’d have ignored, the EAP query that fell between clinical days.
What You Should Still Do Manually
- Anything touching a specific client by name, initials, DOB, or identifying detail
- Any email where the subject line alone could be PHI (“Client follow-up re: Smith — anxiety”)
- Emails you’d want privileged communication protection for
- Anything going to your licensing board, professional liability insurer, or attorney — these are privileged/legal channels that deserve human-eyes-only handling
Alternatives to Consider
- SimplePractice ($49–$129/month): the most popular HIPAA-compliant practice management system. Signed BAA, secure portal, telehealth, client messaging, billing. This is the tool you should use for client-facing email, not alfred_.
- TherapyNotes ($49–$99/month): comparable to SimplePractice with stronger clinical documentation.
- TheraNest ($42–$87/month): budget-friendlier practice system, BAA available.
- Upheal / Blueprint.ai / Mentalyc: AI clinical documentation from session recordings. Different category — AI for clinical notes, not inbox. These have HIPAA-compliant architectures and BAAs; evaluate separately.
The Practical Setup
- Choose your practice-management system first (SimplePractice, TherapyNotes, or TheraNest) — this is your HIPAA-safe client channel
- Use its secure portal for all client-bearing communication, strictly
- Use alfred_ for your general operations inbox — everything non-client
- Set up alfred_ exclusions for senders where you want to handle manually (your supervisor, attorney, licensing board) — this takes 2 minutes
The separation is the point. A single “AI assistant” that tries to handle both surfaces is either regulatory-risky (if it reads PHI without a BAA) or impractical (if you manually split every incoming email). Two channels, each with the right tool, is the clean design.
Try alfred_ free for 30 days for your non-PHI inbox. If you’re not sure whether a given email type counts as PHI, the answer is conservative: route it through your practice system, not alfred_.