Insights

From the Intersection of Clinical Work and Technology

Observations on behavioral health infrastructure, operational design, and what happens when someone who has actually done the clinical work starts building the systems.

Your EHR Is Not Your Source of Truth (And That Is the Problem)

Most behavioral health group practices operate under a dangerous assumption: that their Electronic Health Record is the single source of truth for their organization. It is not. It was never designed to be. And the longer a practice treats it as one, the more fragmented, unreliable, and expensive their data infrastructure becomes.

An EHR is a clinical documentation tool. It is built to capture session notes, treatment plans, diagnoses, and billing codes. It does that job reasonably well, depending on the vendor. But somewhere along the way, group practices started expecting their EHR to also function as a CRM, an admissions tracker, a marketing attribution engine, a staff scheduling platform, and an executive reporting dashboard. It cannot do all of those things. And when you force it to, you end up with five different departments pulling five different numbers from the same system and none of them matching.

The Hub-and-Spoke Problem

What most growing practices actually need is a hub-and-spoke architecture: a clearly defined source of truth at the center, with purpose-built tools radiating outward for specific functions. The EHR handles clinical documentation. A CRM like Salesforce handles admissions, referral tracking, and lead source attribution. Google Workspace or a similar platform handles internal communication, shared drives, and organizational governance. Billing lives in its own system or module. Each spoke does what it was designed to do, and data flows between them through intentional integrations with clear ownership rules.

The alternative, which is what most practices are living with, is what I call "accidental architecture." No one sat down and designed the system. It grew organically. Someone signed up for a scheduling tool. Someone else started a spreadsheet for admissions tracking. The EHR vendor added a half-baked CRM module that nobody fully adopted. Now there are four platforms holding overlapping client data, no canonical record, and an operations team spending hours each week reconciling numbers that should have been automated from the start.

The most expensive infrastructure decision a practice makes is the one they never consciously made at all.

What a Source of Truth Actually Means

A source of truth is not just "where the data lives." It is a governance decision. It means defining, for every critical data point in your organization, which system owns it, who can modify it, and how changes propagate to downstream systems. Client demographic data might live in your CRM. Clinical data lives in your EHR. Financial data lives in your billing platform. But someone has to decide which system wins when there is a conflict, and that decision has to be documented, enforced, and understood by every team that touches the data.

This is not a technology problem. It is an organizational design problem that manifests as technology chaos. And it is exactly the kind of problem that gets worse, not better, as a practice grows. At five clinicians, you can manage it with workarounds. At fifteen, the workarounds start breaking. At thirty, you are hiring full-time staff just to maintain the duct tape.

Where to Start

If this sounds familiar, the first step is not buying new software. It is mapping what you actually have. Every platform, every integration, every spreadsheet, every manual process. Then you define your canonical sources, document your data flows, and start making intentional decisions about what goes where and why. The technology choices come after the architecture decisions, not before.

HIPAA Compliance Is a Design Principle, Not a Checklist

There is a version of HIPAA compliance that most behavioral health practices are familiar with: the annual training, the BAA binder, the checkbox on the vendor contract. Staff complete a module, sign a form, and everyone moves on. This version of compliance is not wrong, exactly. It is just incomplete in a way that creates real liability.

The problem is that compliance-as-checklist treats HIPAA as something you do periodically rather than something you build into the architecture of your organization. When your systems are not designed with data governance, access controls, and audit trails as structural elements, every new tool you add, every integration you build, and every staff member you onboard becomes a potential compliance gap. You are not securing your infrastructure. You are patching it.

What Structural Compliance Looks Like

Structural HIPAA compliance means that the rules are embedded in the system itself, not in a policy document that sits in a shared drive nobody opens. It means role-based access controls that are configured at the platform level, not managed through informal agreements about who should see what. It means audit trails that are automatic, not reconstructed after the fact when someone asks a question. It means BAAs that are tracked in a centralized register with expiration dates and renewal workflows, not scattered across email threads from three years ago.

If your compliance strategy depends on everyone remembering to follow the rules, it is not a strategy. It is a hope.

The Multi-Entity Problem

This gets significantly more complex for organizations that operate across multiple entities, which is increasingly common in behavioral health. When you have a parent company, a clinical entity, and a management services organization sharing infrastructure, the compliance architecture has to account for data boundaries between entities that share staff, systems, and sometimes physical space. Google Workspace shared drives, Salesforce permission sets, EHR access levels: all of these need to be configured with entity-level separation in mind, not just role-level.

I have seen organizations where a billing coordinator in one entity has read access to clinical notes in a different entity because nobody configured the permission sets at the entity level. That is not a training failure. That is an architecture failure. The system allowed it because nobody designed the system to prevent it.

Joint Commission and Beyond

For practices pursuing or maintaining Joint Commission accreditation, the documentation requirements go well beyond standard HIPAA. You need demonstrable evidence of ongoing compliance: documented risk assessments, incident response procedures, workforce training records, and physical safeguard documentation. These are not things you can assemble the week before a survey. They need to be living systems that generate evidence continuously.

The good news is that when compliance is built into your architecture from the beginning, most of this evidence generates itself. Access logs exist because you configured logging. Training records exist because you built onboarding workflows. Risk assessments are easier because you actually know what systems you have and how data flows between them. The practices that struggle with audits are almost always the ones that built their infrastructure first and tried to bolt compliance on afterward.

Why Clinicians Resist Your New Software (And Why They Are Usually Right)

Every group practice owner has lived through some version of this: you invest in a new platform, spend weeks configuring it, roll it out to your clinical team, and watch adoption stall within the first month. The therapists are not using it. Or they are using it wrong. Or they are using it and the old system simultaneously, which is somehow worse than either one alone. The instinct is to blame resistance to change. But in most cases, the clinicians are responding rationally to a system that was not designed for how they actually work.

I say this as someone who has been on both sides. I spent years as a therapist before I ever touched a systems architecture project. I know what a clinician's day actually looks like: the back-to-back sessions, the ten-minute windows for documentation, the cognitive load of holding six different clients' treatment arcs in your head while also trying to remember which dropdown menu captures the right billing code. When a new system adds friction to that workflow, even small friction, the resistance is not irrational. It is self-preservation.

The Design Gap

Most behavioral health software is designed by people who have never provided therapy. This is not a criticism of their technical ability. It is an observation about a structural gap in the design process. When the people building the tool do not have a felt sense of what it is like to use it under clinical conditions, they optimize for the wrong things. They build features that look logical in a product demo but create friction in a real clinical day.

A scheduling system that requires six clicks to reschedule a session makes sense to a developer who thinks in terms of data integrity and confirmation flows. It does not make sense to a therapist who has ninety seconds between sessions and a client on the phone asking to move to Thursday. A documentation template that captures every possible data point satisfies a compliance officer but exhausts a clinician who has to complete it forty times a week. The design choices are defensible in isolation. They just do not survive contact with clinical reality.

The gap between how systems are designed and how clinicians actually experience them is exactly where value lives in behavioral health technology.

Change Management Is Clinical Work

Here is something that most IT consultants do not understand about behavioral health settings: change management in a clinical environment is fundamentally different from change management in a corporate one. Therapists are trained to be attuned to disruption. Their entire professional skill set is built around noticing when something feels off, when a process creates unnecessary stress, when a system is not serving the people inside it. When you roll out a new platform without accounting for this, you are not just fighting inertia. You are fighting a workforce that is professionally trained to identify dysfunction.

Effective technology rollouts in clinical settings require what I think of as clinical empathy at a systems level. You have to understand the emotional and cognitive experience of the end user, not just the procedural one. That means shadowing clinicians before you configure the system. It means building workflows around their actual day, not around the platform's default settings. It means creating documentation that speaks their language, not the vendor's. And it means building in feedback loops that are genuine, not performative.

What Good Adoption Looks Like

The practices I have seen succeed with technology transitions share a few things in common. They involve clinicians in the design process early, not as an afterthought. They roll out in phases, with clear support structures at each stage. They designate clinical champions, not IT liaisons, as the primary point of contact for questions. And they measure adoption not by login counts but by whether the system is actually reducing friction in the clinical workflow.

The goal is not to get clinicians to use the software. The goal is to build systems that clinicians do not have to think about because the technology fits so naturally into their workflow that it disappears. That is the standard. And it is only achievable when the person designing the system understands what it feels like to sit in the chair.

Ready to Fix the Infrastructure?

If any of this sounds like your practice, the first step is a focused conversation about where you are and where the systems need to go.