HIPAA-Friendly Therapy Session Attendance Tracker (Free, Local-Only)

Q: Is there a HIPAA-friendly attendance tracker for therapy sessions?

Yes. Trackr is a free Chrome extension that logs Google Meet attendance entirely on your laptop — no cloud sync, no server, no third-party data processor. Because nothing leaves your device, there's no Business Associate Agreement (BAA) to negotiate and nothing for an external vendor to leak. Most cloud-based attendance tools require a BAA before they can be used with PHI; Trackr sidesteps that requirement by design.

Q: Do I need a Business Associate Agreement (BAA) to use Trackr?

No. A BAA is required when you share Protected Health Information (PHI) with an external vendor. Trackr stores attendance data only in your browser's local storage on your laptop — the Trackr team has no server, no database, and no access to your roster. Without data leaving your control, there's no business associate relationship and no BAA needed.

Q: How do therapists document group session attendance for insurance billing?

Insurance reimbursement for group therapy (CPT code 90853 and others) typically requires a participant log showing who attended, when they joined, and how long they stayed. Trackr auto-generates this for every Google Meet group session and exports it as a CSV, PDF, or directly into Google Sheets for paste-into-EHR workflows. Free, no signup, local-only.

Q: Can I use Trackr for telehealth one-on-one sessions?

Yes — though one-on-one telehealth usually doesn't need an attendance log the way group therapy does. Trackr works in any Google Meet session, so if you do need a record (for missed-appointment documentation, no-show billing, or court-required attendance verification), Trackr logs it automatically.

Q: What's the difference between Trackr and a cloud-based attendance tool?

Cloud-based tools (Vexa, Fellow, Read.ai) store your attendance roster on the vendor's servers. For therapy use, that means PHI flowing through a third party — which requires a signed BAA, vendor due diligence, and ongoing compliance oversight. Trackr stores nothing externally. The same attendance data exists, but it lives in your browser's local storage, accessible only to you on that specific laptop.

If you run group therapy sessions or telehealth on Google Meet, you already know the attendance problem isn't really about attendance — it's about documentation. Insurance won't reimburse a group session without a record of who was in the room. The cloud-based attendance tools your colleagues use for sales meetings won't pass a HIPAA audit. And every "HIPAA-compliant" tool wants you to sign a BAA, vet a vendor, and trust an external party with PHI. This post walks through why local-only attendance tracking is the right architecture for therapy — and how to set it up in 30 seconds.

The architecture that works for therapy: Trackr is a free Chrome extension that auto-logs Google Meet attendance entirely on your laptop. No cloud sync. No vendor server. No BAA required. The same attendance data you'd get from a paid tool, but the data physically never leaves the device you're running it on.

Why Therapy Attendance Is Different From Everyone Else's

A teacher tracking attendance has FERPA to think about, and that's real — but a therapist faces a stricter stack of obligations rolled into one log:

Insurance billing

Reimbursement for group therapy (CPT codes like 90853, 90837 for individual telehealth) requires session documentation. The attendance log is part of that record.

HIPAA + state laws

A roster identifying patients in a group session is PHI. State privacy laws (CCPA, NYSHIELD, etc.) layer additional obligations on top of HIPAA.

Confidentiality contracts

Group therapy participants sign confidentiality agreements with each other. Any external system holding their names is a potential breach surface.

Court-required records

Court-ordered therapy, IOP attendance for probation, custody-related family therapy — all need auditable attendance records you can produce on request.

Where Cloud-Based Attendance Tools Fail Therapists

The generic SaaS attendance category (Vexa, Fellow, Read.ai, Otter, Tactiq) all share an architectural choice: your roster lives on their servers. For a sales-meeting log that's fine. For therapy, it creates four specific problems:

BAA negotiationEven with a BAA, you've added a business associate to your compliance scope. That means annual review, breach-notification obligations, and vendor audits.

Breach surfaceCloud vendors get breached. When they do, your group's roster — identifying patients by name and group topic — is in the breach disclosure.

Vendor employee accessMost SaaS vendors' engineers can technically access customer data for "support purposes." That's incompatible with patient confidentiality contracts.

Cross-jurisdiction data flowsPHI flowing through a vendor in another state (or country) creates compliance complications for therapists licensed in jurisdictions with strict data-localization rules.

Local-Only Storage: The Architecture That Actually Fits

Trackr is built around a different choice. Attendance data lives in your browser's local storage on the laptop you use to run sessions. There's no server, no database, no vendor employee with access. The team behind Trackr can't leak data they never had.

What stays local

Participant names
Join & leave timestamps
Late-arrival flags
Session duration totals
Notes you add manually

What Trackr can't see

Anything — no servers
No analytics, no telemetry
No user accounts
No third-party processors
No support-access pathways

This architecture means there's no business associate relationship to formalize. PHI doesn't leave your control, so it doesn't reach a business associate, so the BAA requirement doesn't apply. You still have your own HIPAA obligations as a covered entity — that doesn't change. But the vendor-management piece simplifies dramatically.

Use Cases for Group Therapy & Telehealth

Group therapy (DBT, CBT, support groups)

Each session generates a participant log automatically. At the end of the group, click the Trackr icon, review the roster, export to CSV or paste into your EHR's session note. CPT code 90853 (group psychotherapy) requires documentation of group attendance — Trackr generates that documentation without disrupting the therapeutic flow.

Intensive Outpatient Programs (IOP)

IOPs run 9–12 hours of group therapy per week across multiple sessions. Insurance requires attendance documentation at each session — and patient progression through the program depends on consistent attendance. Trackr's cross-session pattern detection flags participants who miss two sessions in a row, often before clinical staff would notice manually.

Court-ordered therapy

When a patient is court-ordered into therapy (substance use, anger management, family court mandates), attendance documentation is non-negotiable. The court may request it on short notice. Trackr keeps a permanent local log you can export to PDF for any session, going back as far as you've had the extension installed.

Telehealth individual sessions

One-on-one telehealth doesn't need an attendance log the way group does — but for no-show billing (typically 50–100% of session fee), late-arrival documentation, or insurance disputes, having the timestamp record helps. Trackr captures it passively.

30-Second Setup for a Therapy Practice

Install Trackr from the Chrome Web Store

One click. No signup, no account, no email address required.

Confirm data is local-only in the extension settings

Trackr's default is local-only. If your practice's compliance officer asks, you can show the settings page that confirms no cloud sync is enabled (and that no such option even exists).

Run your group on Google Meet as usual

Trackr activates when it detects the participant panel. No buttons during the session, nothing visible to participants, no bot in the meeting.

Export the session log to your EHR

CSV for SimplePractice / TherapyNotes / TheraNest paste-in, PDF for paper records, or a printable summary for billing.

Compliance Checklist for Your Practice

Document the architectural choice. Note in your HIPAA risk assessment that attendance data is stored only in browser local storage, no business associate relationship exists.
Use a dedicated practice device. If you share a laptop across personal and clinical use, separate Chrome profiles or a clinical-only device reduces blast radius.
Encrypt the laptop at the disk level. FileVault (Mac), BitLocker (Windows). Local-only storage doesn't help if the laptop itself is lost unencrypted.
Export and clear regularly. After each session, export the log to your secure EHR or encrypted local folder, then clear it from Trackr. Keeps the active dataset small.
Don't install Trackr on a shared / unmanaged browser. Public computers, library machines, kiosks — never run a session log from those.
Consult your compliance officer. Trackr's architecture removes the BAA requirement — but your practice's specific policies may still require sign-off. This blog post is not legal advice.

Frequently Asked Questions

Is there a HIPAA-friendly attendance tracker for therapy sessions?

Yes — Trackr stores attendance entirely on your laptop with no cloud sync. No BAA required because no PHI ever leaves your device. Free, no signup.

Do I need a Business Associate Agreement (BAA) to use Trackr?

No. A BAA is required when you share PHI with an external vendor. Trackr's team has no server, no database, no access to your roster. Without data leaving your control, the BAA requirement doesn't apply.

How do therapists document group session attendance for insurance billing?

Insurance reimbursement for group therapy (CPT 90853 and others) requires a participant log. Trackr auto-generates this for every Google Meet group session and exports as CSV, PDF, or directly into Sheets for EHR paste-in.

Can I use Trackr for telehealth one-on-one sessions?

Yes, though one-on-one usually doesn't need a formal log. Trackr captures it passively if you do need documentation (no-show billing, court-required records).

What's the difference between Trackr and a cloud-based attendance tool?

Cloud tools (Vexa, Fellow) store your roster on their servers — that's PHI in third-party hands, which requires a BAA and vendor due diligence. Trackr stores nothing externally; the same data exists, but locally on your laptop only.

For more context on Google Meet attendance setup generally, see our complete Google Meet attendance guide, the step-by-step tutorial, or the comparison of attendance extensions. For other persona angles, see our guides for teachers and online instructors.

HIPAA-Friendly. Local-Only. Free.

Trackr stores attendance data only on your laptop — no BAA, no signup, no cloud. Built for therapists, counselors, and group facilitators.

This post is not legal or compliance advice. Consult your practice's HIPAA officer before deploying any new tool with PHI workflows.