Start with the question most demos skip: who does the AI talk to?
Before features, settle the boundary. In a behavioral-health setting, the first question is whether the system ever addresses, advises, or interacts with the client. The answer changes what category of product you are evaluating, and it changes your risk exposure.
A clinician-support layer reads the session and surfaces context to the clinician. It does not speak to the person in the room, does not offer the client guidance, and does not make a clinical decision. The clinician holds all clinical judgment. A tool that talks to clients directly is a different thing entirely, with a different consent, liability, and oversight profile, and it should be evaluated as such.
Make a vendor state this plainly. Ask, in writing, every party the system communicates with and every action it can take on its own. If the line between supporting the clinician and interacting with the client is blurry in the sales conversation, it will be blurry in the clinical room, and that is the wrong place to discover it.
Consent: built in, or bolted on?
Nothing should be captured without consent, and consent should be a designed part of the workflow rather than a checkbox a busy front desk forgets. Ask how the system obtains, records, and honors client consent, and what happens to a session when consent is absent or withdrawn.
Press on the mechanics. Can a client decline and still receive care without friction? Is consent captured per client, and is it easy to see who has consented and who has not? When someone withdraws consent, what happens to material already captured, and how quickly does the change take effect? A vendor built for behavioral-health work will answer these without hesitation. A vague answer here is a reason to slow down.
HIPAA, BAA, and where your data lives
Treat compliance as a gate, not a logo on a slide. Confirm the system is HIPAA-ready and that the vendor will sign a Business Associate Agreement. The BAA is the document that makes the relationship accountable, so ask for it early and have your own counsel read it rather than taking the deck's word for it.
Then ask where protected health information actually lives, who can access it, how it is encrypted in transit and at rest, how long it is retained, and whether you can export and delete it on request. These are not edge-case questions. They are the substance of whether your records stay under your control, and the answers belong in the contract, not the conversation.
Does your data train a shared model?
This is the question many buyers miss and some later regret. Session content is among the most sensitive data a practice holds. Get one thing answered in writing: is our clinical data ever used to train a model that other customers benefit from?
There is a real difference between a vendor that pools customer data into a shared model and one that keeps your records isolated to your account. The first means your clinical material can quietly inform a stranger's system. The second means the memory compounds only for you, on your own care. The right posture for behavioral-health work is that your records stay yours and are never used to train a shared model. Confirm it explicitly, because silence usually means the opposite.
Human-in-the-loop: it supports, it does not decide
Be precise about what the system is allowed to do. A support layer should surface context, continuity, and relevant history to the clinician. It should not advise the client, record an assessment as fact, or take a clinical action on its own. The clinician decides what to say, what to record, and what to do next.
Ask the vendor to walk through every action the system can take without a person, then decide which of those, if any, you want enabled. Anything that touches the client relationship or the clinical record should pause for review. That step is cheap insurance that no unreviewed output reaches a client or stands in for a clinician's judgment.
EHR fit and clinician workflow
A tool that lives outside the clinician's existing flow tends to get abandoned, however good it looks in a demo. Verify how the system fits your actual stack. Does it integrate with your EHR cleanly, write where you expect with field mapping you control, and avoid creating duplicate or junk records? Confirm this on a real workflow during evaluation, not in a sandbox.
Then weigh the load it places on the clinician. The aim of a support layer is to lower the cost of holding continuity across sessions, not to add another window to manage. Ask how a clinician interacts with it during and after a session, how much it asks of them, and what the clinician keeps full control over. If it adds steps without giving time back, adoption decays no matter how capable the underlying system is.
The checklist: what to verify before you sign
Run every shortlisted vendor through the same questions and make them answer in writing. The gaps surface quickly when you line the answers up side by side.
- Boundary: does the system ever address, advise, or interact with the client, or does it only support the clinician? Get every party it communicates with listed explicitly.
- Consent: how is client consent obtained, recorded, and honored? What happens to captured material when consent is withdrawn, and how fast does that take effect?
- HIPAA and BAA: is the system HIPAA-ready, and will the vendor sign a BAA your counsel can review before you sign?
- Data location and control: where does PHI live, who can access it, how is it encrypted, how long is it retained, and can you export and delete it on request?
- Shared-model training: is your clinical data ever used to train a model that benefits other customers? Confirm in writing that your records stay yours.
- Human-in-the-loop: which actions, if any, can the system take without a person? Confirm it never advises the client or makes a clinical decision, and that the clinician approves anything that reaches the record or the client.
- EHR fit: does it write to your EHR cleanly, with field mapping you control, without duplicate or junk records? Verify on a real workflow during evaluation.
- Clinician workflow: how does a clinician use it in and around a session, how much does it ask of them, and does it give time back rather than adding steps?
- Continuity: how does the system carry context across sessions and across clinicians covering for one another, so care does not depend on one person's memory?
- Time to value and support: how long from contract to a clinician getting real use from it, and what does onboarding and ongoing support actually look like?
How to read the answers
Two patterns tell you most of what you need. A vendor that answers the boundary, consent, and data questions crisply has built for behavioral-health work and understands what is at stake. A vendor that treats these as friction, or buries the answers, is telling you where its priorities sit.
This is the posture Momentum Mental Health is built on. Its five-brain core converges into one continuous memory of care, so continuity does not rest on a single clinician remembering everything. The layer supports the clinician and never speaks to the client. Consent is built in. It is HIPAA-ready, a BAA is available, and your records stay yours and are never used to train a shared model. We do not replace the clinician. We make every clinician a veteran, and we leave clinical judgment and the client relationship in human hands, where they belong.