Client Confidentiality Best Practices for Behavioral Therapy Patients

Confidentiality is required for therapy to be effective. Without it, clients might be afraid to share important details about their lives, and therapists can't address issues if they don't know they exist. Behavioral health professionals have to follow privacy laws to protect clients' rights, establish trust and help patients feel comfortable disclosing their secrets.

Despite the importance of confidentiality, sometimes therapists have to disclose information to protect themselves, their clients or others from harm. It's vital to know when it's appropriate, and in some cases, mandatory to break confidentiality. You likely do not want to risk the trust you've built with your client, but you are also obligated to comply with the law.

Whether you work in a private counseling practice or agency as a therapist, psychologist, psychiatrist or social worker, you're likely familiar with privacy laws and the importance of client confidentiality. You need to know when you should break confidentiality according to your facility's policies and your state's laws because failing to follow regulations could lead to a lawsuit, fine or someone getting hurt. In most cases, you'll need to use your judgment to determine if you need to take action. Even experienced counselors may deal with challenging confidentiality situations. In this post, we'll define confidentiality and help you recognize when you need to break it.

Table of Contents

  1. Therapist Confidentiality Defined
  2. When Does a Therapist Have to Break Confidentiality?
  3. Know Your Local Confidentiality Laws
  4. Confidentiality Tips for Behavioral Health Professionals
  5. Browse ICANotes for More Information

Therapist Confidentiality Defined

Confidentiality requires behavioral health professionals to protect their clients' privacy by not revealing what they say during sessions without their consent. Confidentiality is generally defined by ethical codes and privacy laws. The American Psychological Association (APA) provides confidentiality guidance for therapists in their Ethical Principles of Psychologists and Code of Conduct. According to the APA, psychologists have a "primary obligation" to protect a client's confidential information within the law. Confidential information includes material that has been obtained or is stored in any medium.

State and federal laws also exist to ensure counselors protect their clients' privacy, such as those found in the Health Insurance Portability and Accountability Act (HIPAA). HIPAA's Privacy Rule sets standards to protect a client's information, including therapy-related notes. All identifiable health information, whether it's in oral, electronic or paper form, is protected by the Privacy Rule when it is stored or transmitted by a "covered entity," like a therapist. Failure to comply with HIPAA's Privacy Rule can lead to a hefty fine imposed by the Office for Civil Rights.

Therapist Confidentiality Requirements

Even though confidentiality is a legal obligation, for most therapists, it's also an ethical choice. Counselors recognize the value of keeping client information to themselves, and they take it seriously. Nevertheless, confidentiality is not always black and white, so it's critical to learn the various laws and ethical guidelines. For example, HIPAA permits healthcare providers to disclose protected health information for treatment purposes, such as coordinating care with other health professionals without authorization from the client. Since privacy laws have some gray areas, make sure to explain your policies to your clients. Therapists often describe their confidentiality policy as part of their informed consent form.

The Therapist-Patient Privilege

The therapist-patient privilege is not the same as confidentiality. Confidentiality is guided by ethical concepts, whereas privilege is a legal term used in the law of evidence. The therapist-patient privilege is a client's right to keep the therapist from sharing confidential information with the court. The patient "owns" the therapist-patient privilege and must affirm or waive it, and the therapist must then follow their direction. Therefore, a counselor cannot use a client's confidential information to testify unless the client waives their privilege.

The details of therapist-patient privilege vary by state, but generally, privileged information only includes communications relating to a client's treatment or diagnosis. This includes:

  • What the client reveals during a private therapy session: If a client comes to you for help with a mental health issue, what they say must be kept confidential with certain exceptions. One exception might be if a client confesses a homicide during therapy.
  • What clients say during a group therapy session: Even though clients are around others in a group therapy setting or marriage counseling session, counselors must keep the information confidential, and each client in the group has a privilege.
  • A client's notes: A client's notes, such as their progress notes and medical history, are part of the client's privilege, and must not be disclosed unless there's an exception. This also includes test results related to the client's treatment.

When Does a Therapist Have to Break Confidentiality?

When Does a Therapist Have to Break Confidentiality?

Most laws have exceptions, and the same applies to confidentiality rules. The APA and HIPAA outline situations that may call for a breach of confidentiality. For instance, according to the APA's ethical guidelines, therapists may disclose confidential information in the following circumstances:

  • They obtain the appropriate consent from the client or a legally authorized person on behalf of the client.
  • To provide the necessary professional services.
  • To obtain professional consultations.
  • To protect the client, themself or others from harm.
  • To obtain payment for their service from a client, disclosing the minimum amount of information necessary.

Under HIPAA's Privacy Rule, a counselor can disclose a client's protected health information without authorization under several circumstances, including the following:

  • When it's required by law
  • When public health authorities request information
  • To prevent a serious imminent threat to a person or the public

As with ethical guidelines and privacy laws, there are also exceptions to a client's privilege. Here are four exceptions to the therapist-patient privilege:

1. The Client Has Waived the Therapist-Patient Privilege

A client might waive their therapist-patient privilege if they feel it will benefit them. They might agree to release their mental health information to defend themselves in court, for example. Similarly, you can break confidentiality if you have a client's consent to do so. If a client requests you to release information, it usually only applies to specific disclosure, and all other past and future records must remain confidential.

2. The Client Is Obtaining Services to Commit a Crime or Form of Fraud

In some states, clients will lose their therapist-patient privilege if they seek your services to commit a crime. For example, if a client lies to a psychiatrist to obtain controlled substances, they may not have a privilege.

This doesn't mean clients can't talk about crimes. In general, clients can discuss crimes they've committed in the past without worrying about a confidentiality breach. However, if they are still engaging in criminal activity, and if it's putting others at risk, you may have to notify the authorities.

3. The Client Is a Danger to Oneself or Others

Most states have laws regarding a "duty to warn," and therapists may be obligated to breach confidentiality if a client poses a serious threat to themselves or others. The concept of duty to warn comes from the case of Tarasoff v. Regents of the University of California that occurred during the 1970s.

Sometimes it's not easy to measure the severity of a threat, and it takes careful judgment. For example, if a client says they think about suicide sometimes but would never actually hurt themselves, there probably isn't a need to break confidentiality. On the other hand, if they share a detailed plan to attempt suicide or have a history of suicide attempts, that's a cause for concern. Therapists have the job of recognizing the difference between a client's fantasies and actual threats.

The same rule applies if a person talks about hurting someone else. If a client says they feel like killing someone, but they say they would never do it, there probably isn't a danger. If they discuss a carefully planned strategy to harm someone and have a history of violence, you might want to take action. In such a case, you might be required to notify the person your client intends to harm and the police, depending on your state.

Usually, therapists can only be held liable for not reporting a danger if the threat is serious and communicated directly to you. Overall, if a client poses a serious threat to themselves or others, you can disclose their information to place them in the hospital, under arrest or under the supervision of law enforcers. A duty to warn obligates you to disclose only the threats and not the details of a client's treatment.

4. There Is a Suspicion of Child Abuse

Under the federal Child Abuse Prevention and Treatment Act, you must report suspected cases of child neglect or abuse. Failure to report abuse may lead to a misdemeanor charge and a fine. All mental health care providers are considered "mandatory reporters" by law. Some states also implemented mandatory reporting of elder abuse or neglect.

To report child or elder abuse, a mandatory reporter will usually contact the authorities, Child Protective Services or an anonymous hotline. You do not need proof to report child abuse or neglect, and your identity is kept secure.

Regulations do not generally apply to any abuse that took place in the past. So, if a client talks about the abuse they experienced as a child, you would not report the abuser unless the person has harmed someone who is still a child. It's important to know your local laws, as there might be other situations where you would be obligated to report abuse.

Know Your Local Confidentiality Laws

HIPAA Compliance Laws by State

Though confidentially laws share commonalities, they also vary from state to state. For example, most states have mandatory "duty to warn" or "duty to protect" laws that require counselors to disclose confidential information when a serious threat exists, while others have permissive laws. Some states might have a "duty to treat" law in addition to other regulations. For example, in Maryland, counselors have a duty to warn the police and the potential victim of an imminent threat if treatment doesn't work first.

Nevada, North Dakota, Maine and North Carolina do not have mandatory or permissive duty to warn laws. Arizona, Delaware and Illinois have various duties for different professions. You can research the duty to warn laws in your state by visiting the National Conference of State Legislatures website.

Privacy laws vary from state to state too, so it's critical to review how your state complies with HIPAA. Some states have even more stringent privacy laws than the regulations outlined in HIPAA. You'll have to check with your state legislature to determine exactly what applies to you.

Confidentiality Tips for Behavioral Health Professionals

Knowing when to maintain or break client confidentiality can sometimes add stress and uncertainty to the job. Adding to the confusion is the variety of legal and ethical obligations to consider. If in doubt, you might seek professional or legal advice. In most cases, it'll be up to you to use your best judgment. Here are a few tips to help you:

  • Learn the laws in your jurisdiction and keep updated on the standards set by your state licensing board.
  • Consider expanding your knowledge of risk assessments through a training or continuing education course.
  • Make sure your clients understand the exceptions to confidentiality and your obligations as a provider of mental health care.

According to an article published in Psychiatry MMC, you might also remember the acronym DEAL when solving a confidentiality problem, which stands for:

  • Duty: Do you have a duty to maintain confidentiality?
  • Exception: Does an exception to your duty of confidentiality exist?
  • Ask: Ask a colleague, supervisor or lawyer for help if you're not sure what steps to take.
  • Law: Know the laws in your jurisdiction, as well as your practice's privacy policy.

Browse ICANotes for More Information

Confidentiality is critical to building rapport and treating clients effectively. If a client doesn't feel a sense of trust, they won't feel safe being honest about their thoughts, feeling and issues they're experiencing, and there's no way to help them in the way they need. If you question whether you should break confidentiality, carefully think through the options before you take action, and never be afraid to ask an experienced colleague for guidance.

At ICANotes, we understand that working in the behavioral health field has its rewards and challenges, and that protecting a client's privacy is critical. We've developed an electronic health record (EHR) system for behavioral health professionals, taking the needs of counselors and clients into account. With ICANotes, you'll have access to secure and convenient features, such as note templates, a patient portal and billing solutions. ICANotes also maintains compliance with all HIPAA regulations so you can enjoy peace of mind.

If you would like to learn more about running an efficient, HIPAA-compliant counseling practice, check out our blog or request a free trial today to see how ICANotes EHR can help.

Browse ICANotes for More Information

Watch a Live Demo

Start a Free Trial

Related Posts:

What You Need to Know About EHRs and Patient Privacy
Top 5 Reasons Behavioral Health Professionals Get Sued
How to Train Your Staff on Using an EHR
Billing Pitfalls for Mental Health Clinicians

Sources:

  1. https://www.nolo.com/legal-encyclopedia/if-i-tell-psychologist-crime-i-committed-can-i-trouble.html
  2. https://www.law.indiana.edu/instruction/tanford/web/archive/Psypriv.html#:~:text=Definition.,in%20protecting%20the%20patient's%20confidences.
  3. https://www.apa.org/topics/ethics-confidentiality
  4. https://www.goodtherapy.org/blog/psychpedia/client-confidentiality#:~:text=Client%20confidentiality%20is%20the%20requirement,revealing%20the%20contents%20of%20therapy.
  5. https://www.apa.org/ethics/code/ethics-code-2017.pdf
  6. https://nationalpsychologist.com/2015/05/is-it-ethics-or-law/102875.html
  7. https://www.law.cornell.edu/wex/privilege
  8. http://www.guidetopsychology.com/confid.htm
  9. https://www.goodtherapy.org/blog/psychpedia/client-confidentiality
  10. https://www.hhs.gov/sites/default/files/privacysummary.pdf
  11. https://www.hhs.gov/hipaa/for-professionals/privacy/laws-regulations/index.html
  12. https://www.ncbi.nlm.nih.gov/books/NBK542236/
  13. https://bostonbar.org/sections-forums/sections/family-law/news-archive/2019/02/21/winter-2019-understanding-the-psychotherapist--patient-privilege
  14. https://www.verywellmind.com/what-is-duty-to-warn-2795096
  15. https://www.goodtherapy.org/learn-about-therapy/issues/abuse/recognizing
  16. https://www.childwelfare.gov/pubPDFs/manda.pdf
  17. https://www.ncsl.org/research/health/mental-health-professionals-duty-to-warn.aspx
  18. https://societyforpsychotherapy.org/confidentiality-and-its-exceptions-the-case-of-duty-to-warn/
  19. https://content.datica.com/is-hipaa-federal-or-state
  20. https://relaxedtherapist.com/whatif/i-have-to-breach-confidentiality-part-2
  21. https://www.ncbi.nlm.nih.gov/pmc/articles/PMC2922345/
  22. https://www.hhs.gov/sites/default/files/hipaa-privacy-rule-and-sharing-info-related-to-mental-health.pdf
Posted in HIPAA Compliance, Tips for Clinicians and tagged