Technology is moving fast. New apps, platforms, and AI-powered tools appear every month claiming to support speech and language therapy. Some are excellent. Some are not. And as an SLP, working out which is which - while also making sure you are not accidentally breaking data protection laws - can feel overwhelming.
This is something I think about constantly. Building Therapy withVR, I have spent years navigating GDPR, HIPAA, FERPA, the EU AI Act, accessibility standards, and data hosting regulations across dozens of countries. I have learned a lot - sometimes the hard way - about what clinicians need to know before adopting any new technology.
During a recent webinar, I shared some tips with SLPs about what to look for when evaluating new tech. That list kept growing. It turned into a 38-item checklist, then a complete guide, then a quick reference card, then a vendor question sheet. Classic scope creep - but the result is something I think genuinely helps.
I am making the whole thing available for free. Request your copy below.
Why SLPs need this checklist
Here is the problem: most SLPs did not train as technology evaluators. You trained to support people with communication differences. But now you are expected to assess whether a tool is HIPAA compliant, GDPR compliant, safe for children, transparent about its AI, accessible for your clients, and actually backed by evidence - all before your next session.
That is a lot. And the consequences of getting it wrong are real. Using a tool that does not comply with your local data protection law is not just bad practice - it can be a legal violation. Entering client information into an AI tool that uses your data for model training is a privacy risk many clinicians do not even know they are taking.
The Technology Checklist for SLPs gives you a structured way to evaluate any technology, so you do not have to figure it out from scratch every time.
What the checklist covers
The checklist has 38 items across 9 sections, each tagged with a priority level:
- Essential - every SLP should check these, regardless of setting
- Recommended - important for most, with depth varying by context
- Situational - depends on your setting, client population, or technology type
The 9 sections
1. Data Privacy & Compliance - Does the tool comply with your local data protection law? What data is collected? Where is it hosted? What happens to your data if you leave? Not all laws apply to every SLP: HIPAA only applies to US healthcare providers handling Protected Health Information, FERPA only to US schools with federal funding, and GDPR to anyone processing data of people in the EU/EEA.
2. AI & Transparency - If the tool uses AI, do you understand what it does? Is your client’s data used to train the model? Can you override AI outputs at any time? Under the EU AI Act, AI literacy is now a legal obligation - and certain clinical AI uses may be classified as high-risk.
3. Informed Consent - Have you told your client you are using this technology? Have they been given the option to decline? Consent requirements vary by jurisdiction, but the principle is universal.
4. Language & Accessibility - Can you work effectively in the software’s language? More importantly, if your client interacts with it directly, is it available in their language? If it uses speech recognition, has it been tested with your client population?
5. Cultural & Clinical Fit - Is there peer-reviewed evidence supporting this tool? Do the environments and content reflect your client’s real world? Does it fit your clinical workflow?
6. Security & Breach Notification - What happens if there is a data breach? How quickly will you be notified? Timelines vary from 72 hours (GDPR) to 60 days (HIPAA) to “as soon as feasible” (PIPEDA).
7. Working with Children & in Schools - Have you obtained additional parental consent? Does the tool comply with child-specific rules like COPPA, the ICO Children’s Code, or GDPR Article 8? Three different rules may apply at once - the platform’s age policy, privacy law, and clinical consent - and the highest threshold wins.
8. Organizational Readiness - Have you identified the right people in your organization? Does your professional liability insurance cover this? Is the tool certified as a medical device where required?
9. Peer Validation - Have you spoken to colleagues who already use this tool? Have you checked your professional association’s resources?
What is in the resource pack
The checklist comes as a four-document resource pack:
The Checklist - All 38 items on a printable form, with check boxes and concise explanations. Use this as your working document when evaluating any new technology.
The Complete Guide - A deep dive into every checklist item, with plain-language explanations of what each item means, why it matters for SLPs, questions to ask the vendor, and practical tips. Includes a glossary, a regulations-by-region reference table, common scenarios, and a “Keeping Current” section with recommended resources.
The Quick Reference Card - Just the 11 Essential items on a single page. If you only have time for the basics, start here.
The Vendor Questions Sheet - Every question from the checklist compiled into a ready-to-send list. Copy it, adapt it, and email it directly to any vendor you are evaluating.
The whole resource is licensed under CC BY-SA 4.0 - you can share, adapt, and distribute it freely, as long as you credit the source and share under the same license.
Some things that might surprise you
A few items from the checklist that often catch SLPs off guard:
HIPAA does not apply to every tool. HIPAA is a US law that only covers healthcare providers handling Protected Health Information. If a tool is designed so that PHI never enters the system - no client names, diagnoses, or health records stored - it falls outside HIPAA’s scope entirely. A vendor not having a BAA does not necessarily mean they are non-compliant. It may mean their architecture avoids PHI by design. That said, if the tool does handle PHI, a BAA is essential.
AI literacy is now a legal obligation in the EU. Since February 2025, the EU AI Act requires that anyone deploying AI systems ensures their staff have sufficient AI literacy. This applies to SLPs using AI-enabled tools in EU countries. If you cannot explain what the AI in your tool does, you may not be meeting this requirement.
General-purpose AI tools are not clinical tools. ChatGPT, Copilot, and Gemini are powerful, but they are not designed for clinical use. Never enter identifiable client information into these tools unless you have confirmed compliance with your local data protection laws. Some of these tools use your inputs for model training - meaning your client’s data could end up in the training set.
“HIPAA compliant” does not mean “GDPR compliant.” These are completely different laws with different scopes and requirements. A vendor meeting one does not automatically meet the other.
Why I made this
I presented in a webinar recently and shared some tips for SLPs evaluating new technologies. That list expanded - I got a bit carried away (classic) - and it turned into something I think is genuinely useful.
Working in this space, I have found that SLPs often see technology as something unknown and outside their expertise. They do not know if they have checked all the boxes, if they are doing the right things, or if what they are doing is even legal. I completely understand that feeling - I am often in the same position when building software, asking myself whether my product meets this requirement or that regulation.
My own research into compliance has taken me through data protection laws across Europe, North America, Australia, South Africa, Japan, Brazil, and beyond. I have learned a lot, and I wanted to make that knowledge accessible to the people who need it most - the clinicians on the front line.
This checklist is not about promoting any specific tool. It works for evaluating any technology - whether it is VR, an app, a telepractice platform, or an AI-powered assessment tool. Use it on my software, use it on someone else’s. The goal is to help you make informed decisions.
Get the checklist
The Technology Checklist for SLPs is free under CC BY-SA 4.0. Drop your email below and I will send the four-document pack to your inbox - the printable Checklist, the Complete Guide, the Quick Reference card, and the Vendor Questions sheet.
Request Your Free Copy
Enter your email to receive the Technology Checklist for SLPs - 38 items across 9 sections (data privacy, AI transparency, informed consent, accessibility, security, working with children, and more). The pack is sent to your inbox immediately.
Free under CC BY-SA 4.0. Share, adapt, distribute - just credit the source. EU data hosting (Frankfurt). GDPR compliant.
Further reading
If you want to go deeper into any of the topics covered in the checklist, here are some starting points:
- ASHA Code of Ethics - The ethical foundation for technology use in US speech-language pathology
- RCSLT Telehealth Guidance - UK-specific guidance on technology-mediated service delivery
- EU AI Act - The regulation shaping how AI is used in clinical settings across Europe
- GDPR overview - Data protection requirements for anyone working with people in the EU/EEA
- APA Companion Checklist for Evaluating AI-Enabled Tools - A complementary resource from the American Psychological Association
- Cybersickness in clinical VR: what to plan for - Practical guidance on cybersickness when adopting VR in your practice
- withVR Evidence Hub - Peer-reviewed research on VR in speech therapy, summarized in plain language
- Further reading - Books and communities that shape current practice