Short answer: No. A guide by a psychotherapist.
When I started my private practice almost 15 years ago, the setup was simple: a room, two chairs, a notebook, and a phone. If I saw a client online, I used Skype. Notes were handwritten and stored in a large IKEA filing box, invoices were prepared manually and sent by email, and clients contacted me by email. This was before GDPR, before practice management software, and certainly before AI tools promising to “save therapists time.”
Over the past decade — especially since COVID — mental health has increasingly become a technology market. New platforms and tools promise to make therapy more efficient, more accessible, and easier to manage. Many of these tools are helpful. But many therapists today find themselves using five to ten different systems to run their practice: one for video, one for notes, one for scheduling, one for invoices, one for messaging, one for visibility. This is expensive, time-consuming, and often not fully GDPR compliant.
At the same time, GDPR and data security have become a central part of our professional responsibility. As psychotherapists, we work with extremely sensitive personal data — in human terms, with trust. The tools we use are therefore not just technical choices, but part of the ethical and legal framework of our work.
This guide explains what tools psychotherapists actually need today to run a private practice in a professional, secure, and sustainable way — and how to choose solutions that support your work instead of complicating it. It is written from my perspective as a psychotherapist in private practice and as one of the founders ofIt’s Complicated, a platform built to provide therapists with secure tools, professional community, and visibility for their practice.
Quick Overview: What Tools Do Psychotherapists Need for Private Practice?
| Area | What you need |
| Online sessions | Secure video platform |
| Client communication | Secure messaging |
| Documentation | Notes system / EHR (Electronic Health Record) |
| Scheduling | Calendar & booking |
| Billing | Invoicing |
| Data protection | GDPR-compliant data storage |
| Visibility | Website or therapist directory |
| Professional support | Community / peer network |
Running a private practice today means running a small business. The challenge is that many therapists end up using separate tools for each of these areas, which increases cost, complexity, and GDPR risk.
GDPR for Psychotherapists: What It Actually Means
If you run a private practice in Europe, GDPR is not optional. As psychotherapists, we work with health data — one of the most protected categories of personal data.
You are legally responsible for how this data is handled, even when using external tools.
This means you must ensure:
- Secure storage of client data
- Protected communication
- A clear legal basis for processing data
- Transparency toward clients
- GDPR-compliant software providers
You can explore how different features are handled in practice here.
GDPR does not mandate a specific technology (such as end-to-end encryption), but requires appropriate technical and organizational measures to protect sensitive data.
What Makes a Tool GDPR Compliant?
- Data Processing Agreement (DPA)
- Encryption (in transit and at rest)
- Access control
- Transparent data usage
GDPR vs Best Practice
Some aspects go beyond GDPR and fall into clinical or ethical best practice, for example:
- Avoiding recording sessions by default
- Minimizing data exposure
- Choosing providers that do not use data for secondary purposes
Secure Video for Therapy Sessions: What to Look For
A video platform for therapy should provide:
- Secure, encrypted connection
- Controlled access (e.g. waiting room)
- GDPR compliance (DPA)
- No unnecessary data processing
General tools like Zoom or Google Meet can be configured appropriately, but require careful setup.
Taking Notes: Clinical Work and Legal Documentation
Notes are part of your clinical work — and your legal documentation.
In some contexts, this is referred to as an EHR (Electronic Health Record). In psychotherapy, this can range from simple structured notes to more formal systems depending on regulatory requirements.
Why Notes Matter
- Continuity of care
- Clinical clarity
- Professional documentation
For therapists working with insurance, notes are often legally required for reimbursement and audits.
Where Risks Occur
Common tools like:
- Apple Notes
- Google Docs
- Notion
may not meet GDPR requirements for clinical data.
What a Secure Notes System Should Provide
- Secure storage
- Access control
- GDPR compliance
- Simple, structured documentation
Secure Messaging With Clients
Communication is one of the most common risk areas.
In Germany, the issue is not whether you use Gmail or another provider — but whether communication is properly secured and GDPR compliant. Standard email can be configured to meet requirements, but is often not ideal for transmitting sensitive clinical information.
What to Use Instead
Use secure messaging systems designed for clinical communication, providing:
- Encryption (in transit and at rest)
- Controlled access
- Clear separation from private communication
- Secure storage
Invoicing and Administration
Many therapists use tools like PayPa or iZettle.
These work — but often create fragmentation:
- Separate subscriptions
- Manual workflows
- Disconnected systems
Marketing and Finding Clients
Clients typically find therapists through:
- Word of mouth
- Directories
A basic setup includes:
- A clear profile or website
- Easy contact options
Using Many Tools vs Using One Platform
Most therapists use multiple tools. This leads to:
- Higher costs
- More admin
- Greater GDPR complexity
- Scattered data
A Platform Built by Therapists, Not Venture Capital
This is why we built It’s Complicated — a therapist-run platform designed to simplify private practice.
Instead of combining multiple services, therapists can run their practice in one place — often reducing both cost and complexity.
Conclusion: Technology Should Support Therapy, Not Complicate It
Running a private practice today is more complex than it used to be.
But it doesn’t have to be overwhelming.
The right setup allows you to:
- Work securely
- Stay compliant
- Reduce administration
- Focus on your clients
Because in the end, psychotherapy is not about tools.
It is about relationship.
About the Author
Jakob Lusensky is a psychotherapist in private practice and co-founder of It’s Complicated, a therapist-run platform providing secure tools, professional community, and visibility for psychotherapists.
