Therapy & Mental Health Forms

Mental-health practice operates on one of the strictest confidentiality standards in professional life. A patient who discloses depression, trauma history, suicidal ideation, substance use, relationship difficulties, or psychiatric diagnoses is trusting the practice with information that — if exposed — can affect their employment, their family life, their insurance, and their safety. Yet many practitioners still collect that information through general-purpose online forms whose provider can read every word before the clinician ever sees it.

Schweizerform is built on the opposite premise. Every submission — an intake questionnaire, a PHQ-9 screening, a trauma history, a medication list, a session-preparation note — is encrypted in the patient's browser before it reaches our servers. We physically cannot read it. For psychotherapists, psychologists, counsellors, and mental-health clinics, that property — combined with Swiss hosting and nFADP-aligned architecture — turns online intake from a confidentiality risk into a control that actually meets the profession's expectations.

Why Generic Form Tools Fail Mental-Health Practice

Most online form tools operate on a conventional SaaS model: the patient's browser sends plain-text data over HTTPS, and the provider's server stores it. That server can read everything. So can the provider's staff, their integration partners, anyone who compromises their infrastructure, and any authority that serves a lawful order on the provider.

For most forms, that model is acceptable. For a psychotherapist collecting an intake history, it creates a problem that the profession has specifically organised itself to avoid: the patient's mental-health disclosure is sitting in plain text on a third-party server.

• A new patient describes a history of sexual abuse in an intake questionnaire; the provider's database contains a readable account before the first session
• A PHQ-9 or GAD-7 score marked in the severe range sits on a server indexed by the provider's analytics
• A substance-use history names specific drugs, frequencies, and contexts; that text is processed by the provider's backend and backed up offsite
• A session-preparation form describes suicidal thoughts the patient felt unable to say out loud; the response is stored alongside marketing-survey data on the same provider's infrastructure
• A subpoena or data request targets the provider; it reaches the patient's mental-health file without the patient ever being notified

How Schweizerform Protects Clinical Confidentiality

Schweizerform is a zero-knowledge end-to-end encrypted form platform. The encryption happens in the patient's browser, before any data leaves their device. Only holders of the form's Access Code can decrypt submissions. We — the provider — cannot.

Concrete Clinical Use Cases

First-session intake questionnaire

The core use case. Instead of asking the patient to fill a paper form in the waiting room or to recap their whole history verbally in the first session, a secure intake form collects presenting concern, history, current medication, relevant medical background, prior therapy, and risk factors — before they arrive. Every field is encrypted in the patient's browser. The practitioner opens the submission and enters the first session already informed.

Validated screening instruments (PHQ-9, GAD-7, PCL-5, AUDIT, etc.)

Standardised screening and outcome measures are used before intake, between sessions, and as outcome tracking. Their scores are highly diagnostic and must stay strictly inside the clinical relationship. Schweizerform lets you run these instruments through a secure link — score the form when you decrypt it, and keep the raw responses under the practice's control, not the vendor's.

Session-preparation and homework forms

Many therapeutic modalities — CBT, ACT, schema therapy, exposure work — rely on between-session tasks. Thought records, exposure diaries, and behavioural logs are deeply personal and often record specific situations, people, or memories. A zero-knowledge form replaces insecure email attachments with a channel that only the therapist can read.

Risk-assessment and crisis intake

Specialised crisis lines, suicide-prevention services, and trauma clinics need intake that the reporter can complete without fear that the answers will surface outside the service. Encrypted submission with per-form Access Codes means that even inside a larger clinical organisation, only the designated crisis team holds the keys to that form.

Couples, family, and adolescent intake

Couples and family therapy intake often requires separate confidential questionnaires for each participant. Schweizerform lets each person submit a private, encrypted response, which the therapist can then reconcile with the relational context in their own notes — without the intake data being visible across participants or to the provider.

Insurance-compatible outcome tracking

Some health-insurance models require periodic outcome reporting. Schweizerform allows routine outcome measures (e.g., CORE-OM, OQ-45) to be completed securely by the patient. Once decrypted in the practice's browser, the practitioner enters an appropriate summary score into the insurer's channel — without the raw responses ever leaving the practice.

What Patients, Regulators, and Subpoenas See

Regulatory Context: nFADP, Art. 321 StGB, GDPR

Swiss psychologists and psychotherapists hold a bar-enforced duty of professional secrecy under Art. 321 of the Swiss Penal Code, reinforced by the Psychology Professions Act (PsyG) and cantonal health-practice regulation. Breach of that secrecy — including via an inadequately secured third-party processor — is a criminal offence. The nFADP adds a civil data-protection layer, treating mental-health data as sensitive personal data requiring a high standard of security (Art. 8), documented processor obligations (Art. 9), and a short breach-notification deadline (Art. 24).

In the EU, mental-health data is a special category under Art. 9 GDPR. Processors must meet the heightened security bar of Art. 32 and, under Art. 34(3)(a), a breach that only exposes data rendered unintelligible to unauthorised parties — for example, by strong encryption where the keys were not compromised — does not require individual notification.

Features Relevant to Mental-Health Practice

• Zero-knowledge end-to-end encryption on every submission — no provider read access
• Encrypted document uploads — prior reports, medication lists, referring-doctor letters
• Multi-language forms (EN / DE / FR / IT) out of the box — patients can fill intake in their mother tongue
• Per-form Access Codes that can be scoped to specific practitioners in a group practice
• Swiss hosting with nFADP-aligned data-processing posture — response data does not leave Switzerland
• Audit log of access events without exposing submission content
• Support for validated screening instruments in a secure, repeatable format
• Free tier suitable for piloting a single intake form before expanding to the whole practice

Common Objections

"Patients will never fill a form online for something this personal."

Evidence and clinical experience both suggest the opposite: patients often disclose more on a thoughtful structured form than in an initial verbal interview, because the form lets them take their time, revisit difficult questions, and share what they might hesitate to say face-to-face. A visibly encrypted, Swiss-hosted channel increases that willingness.

"If we lose the Access Code, we lose the intake."

Correct — this is a deliberate property of zero-knowledge architecture. The recommended practice is a documented key-custody procedure: a sealed envelope held by the practice, a split custody between two clinicians in a group, or a hardware security module. It avoids single-person failure and preserves professional secrecy.

"We need to integrate with our practice-management software."

Integrations happen after decryption, on the practitioner's workstation. The encrypted submission is decrypted in-browser and exported in whatever structured form your practice software accepts. An integration on our server side is by definition impossible — we do not have the keys.

"Email is easier."

Email is habit, but professional-secrecy liability is asymmetric: the practitioner carries the consequence of a disclosure that should not have happened. A single encrypted intake form, linked from the practice website, removes unencrypted attachments from the picture and gives a cleaner audit trail.

Rolling Out a Schweizerform Intake Channel

The Bottom Line

Mental-health practice runs on trust. A patient who discloses depression, trauma, or suicidal ideation on a form is extending the therapeutic alliance to whatever collects that form. A tool whose provider can read every word of that disclosure is not compatible with the ethics or the legal standing of the profession.

Schweizerform offers a direct answer: zero-knowledge end-to-end encryption on every form, Swiss hosting, and a posture aligned with Art. 321 professional secrecy and nFADP expectations. No paid upgrade for security. No US-cloud dependency for clinical response data. No third-party-readable copy of sensitive mental-health disclosures on a server you do not control.