Blog > Compliance > Therapist Confidentiality: When to Break It, Exceptions & Legal Obligations

When Can a Therapist Break Confidentiality? Laws, Exceptions & Clinical Guidance

Therapist confidentiality is not absolute. Therapists must break confidentiality in specific situations, including imminent risk of harm, suspected abuse, and court orders, and may disclose information in other legally permitted circumstances. Understanding the difference between mandatory and permissive disclosures — and how state law affects your obligations — is essential for behavioral health clinicians. This guide explains when confidentiality must be broken, when it may be, and how to document disclosures properly.

Gemini_Generated_Image_67wtof67wtof67wt

Dr. October Boyles, DNP, MSN, BSN, RN

Last Updated: April 27, 2026

Therapist reviewing confidential patient records to determine when confidentiality must be broken under legal and ethical guidelines
fav (10)

What You'll Learn

  • When therapist confidentiality must be broken — including legal requirements for imminent risk, abuse reporting, and court orders
  • When therapists may break confidentiality under HIPAA and professional guidelines
  • The difference between mandatory vs. permissive disclosures and how to apply them in practice
  • How state laws (including duty to warn and duty to protect) affect your confidentiality obligations
  • What therapist confidentiality covers, including privacy, privilege, and protected health information (PHI)
  • How to explain the limits of confidentiality clearly to clients during informed consent
  • A step-by-step clinical workflow for handling confidentiality exceptions
  • How to document disclosures properly to protect your license and reduce liability
  • Common confidentiality mistakes that can lead to ethical violations or legal risk
  • How confidentiality rules apply in complex situations like minors, couples therapy, and telehealth

Contents

Client confidentiality is required for therapy to be effective. Without it, clients might be afraid to share important details about their lives — and therapists can't address issues if they don't know they exist. Behavioral health professionals must follow privacy laws to protect clients' rights, establish trust, and help patients feel comfortable disclosing sensitive information.

Despite the importance of confidentiality, sometimes therapists must disclose information to protect themselves, their clients, or others from harm. It's vital to know when disclosure is appropriate — and in some cases, mandatory. Whether you work in a private counseling practice or an agency as a therapist, psychologist, psychiatrist, or social worker, failing to follow regulations could lead to a lawsuit, a fine, or someone getting hurt. In this guide, we define confidentiality, clarify when you must or may break it, and provide practical tools for documentation and client communication.

When Can a Therapist Break Confidentiality?

Use this decision flow as a quick guide for determining whether disclosure may be required or permitted.

1. Is there imminent risk of harm?

If the client presents a credible, imminent threat to themselves or an identifiable third party, disclosure may be legally required.

Yes: Take protective action and disclose only what is necessary.
No: Continue to the next question.

2. Is there suspected child, elder, or dependent adult abuse?

If mandatory reporting laws apply, clinicians must report suspected abuse or neglect to the appropriate authority.

Yes: File the required report according to state law.
No: Continue to the next question.

3. Is there a court order or legally valid subpoena?

A judge-signed court order may require disclosure. Attorney subpoenas may require legal review before records are released.

Yes: Consult legal guidance when needed and disclose only what is required.
No: Continue to the next question.

4. Is disclosure permitted for care, payment, consultation, or compliance?

HIPAA and state law may permit certain disclosures for treatment coordination, billing, supervision, audits, or serious non-imminent harm.

Yes: Use professional judgment and apply the Minimum Necessary Rule.
No: Maintain confidentiality unless client authorization is obtained.

Final Step: Document the Decision

Document the legal or ethical basis for the decision, what information was disclosed, who was contacted, when disclosure occurred, and any follow-up actions taken.

What Therapist Confidentiality Covers

Confidentiality Defined

Confidentiality requires behavioral health professionals to protect their clients' privacy by not revealing what they say during sessions without their consent. Confidentiality is generally defined by ethical codes and privacy laws. The American Psychological Association (APA) provides confidentiality guidance in their Ethical Principles of Psychologists and Code of Conduct. According to the APA, psychologists have a "primary obligation" to protect a client's confidential information within the law. Confidential information includes material obtained or stored in any medium.

State and federal laws also exist to ensure counselors protect their clients' privacy, including those found in the Health Insurance Portability and Accountability Act (HIPAA). HIPAA's Privacy Rule sets standards to protect a client's information, including therapy-related notes. All identifiable health information — whether in oral, electronic, or paper form — is protected by the Privacy Rule when stored or transmitted by a "covered entity," like a therapist. Failure to comply with HIPAA's Privacy Rule can result in significant fines from the Office for Civil Rights.

Even though confidentiality is a legal obligation, for most therapists it is also an ethical choice. Nevertheless, confidentiality is not always black and white, which is why clinicians must understand the laws, ethical guidelines, and the difference between confidentiality and privilege.

The Therapist-Patient Privilege

The therapist-patient privilege is not the same as confidentiality. Confidentiality is guided by ethical concepts, whereas privilege is a legal term used in the law of evidence. The therapist-patient privilege is a client's right to keep the therapist from sharing confidential information with the court. The patient "owns" the therapist-patient privilege and must affirm or waive it, and the therapist must then follow their direction. A counselor cannot use a client's confidential information to testify unless the client waives their privilege.

The details of therapist-patient privilege vary by state, but generally, privileged information only includes communications relating to a client's treatment or diagnosis. This includes:

  • What the client reveals during a private therapy session: If a client comes to you for help with a mental health issue, what they say must be kept confidential with certain exceptions — including, in some states, if a client confesses a serious, ongoing crime.
  • What clients say during a group therapy session: Even in group or couples therapy settings, counselors must keep information confidential, and each client in the group holds a privilege.
  • A client's notes and records: Progress notes, medical history, and test results related to the client's treatment are part of the client's privilege and must not be disclosed unless an exception applies.
Diagram explaining therapist confidentiality including confidentiality, privacy, and privilege in mental health care

Mandatory Exceptions: When Therapists Must Break Confidentiality

Mandatory disclosures are those where a therapist is legally required to share information, regardless of client consent. In these situations, disclosure is not optional — it is a legal obligation, and failure to disclose can result in professional and legal consequences.

Infographic showing when therapists must break confidentiality including imminent danger, abuse reporting, and court orders

1.  Imminent Danger to Self

When a client presents a credible, imminent threat of suicide, therapists are generally required — and always ethically obligated — to take protective action. What distinguishes imminent danger from general risk:

  • Not sufficient on its own: A client who reports passive suicidal ideation ("I sometimes wish I weren't here") without a plan, means, or intent generally does not require a breach of confidentiality.
  • Triggers a mandatory response: A client with a specific plan, stated timeline, and access to means — or a recent attempt — constitutes imminent danger. In these cases, you may be required to initiate a psychiatric evaluation, contact emergency services, or arrange hospitalization.

Document your risk assessment thoroughly, including what information you gathered and what clinical judgment you exercised.

Related: Assessing and Managing Suicidal Ideation in Behavioral Health

2. Imminent Danger to an Identifiable Third Party

The concept of duty to warn originates from the landmark case Tarasoff v. Regents of the University of California (1970s), which established that therapists have an obligation to warn identifiable potential victims of credible, serious threats.

  • Not sufficient: A client who expresses general anger, frustration, or a wish that someone were gone — without a specific, credible threat — does not typically require disclosure.
  • Triggers mandatory action: A client who describes a specific plan, target, and means to harm an identifiable person generally requires you to warn the potential victim and notify law enforcement. Disclosure should include only the threat itself — not the details of the client's treatment.

Duty-to-warn laws vary significantly by state (see State Law Differences below). Some states impose a strict duty to warn, others a duty to protect, and a small number have neither.

3. Suspected Child Abuse or Neglect

Under the federal Child Abuse Prevention and Treatment Act, all mental health care providers are mandatory reporters. You are required to report suspected cases of child abuse or neglect to child protective services or the appropriate state authority. Key points:

  • You do not need proof — a reasonable suspicion based on clinical observation is sufficient.
  • Your identity as a reporter is typically protected.
  • Reporting generally applies to current, ongoing abuse. If a client discloses abuse that occurred in the past and the subject child is now an adult, mandatory reporting typically does not apply — but know your state's specific rules.
  • Failure to report may result in a misdemeanor charge and a fine.

4. Suspected Elder or Dependent Adult Abuse

Many states have extended mandatory reporting requirements to cover abuse, neglect, or exploitation of elderly adults and adults with disabilities. If you have reason to believe a vulnerable adult is being harmed, check your state's mandatory reporting statute for specific obligations — including who must report, to whom, and within what timeframe.

5. Court Order or Valid Subpoena

When a judge signs an order compelling disclosure, or when a valid subpoena requires production of records or testimony, therapists generally must comply. However:

  • A subpoena is not automatically the same as a court order. A subpoena from an attorney requests records; a court order compels disclosure by judicial authority. When uncertain, consult with an attorney before disclosing.
  • Assert therapist-patient privilege on the client's behalf unless and until the client waives it or a judge orders disclosure.
  • Disclose only what is specified — apply the Minimum Necessary Rule.

6. Other Mandatory Reporting Requirements

Depending on your jurisdiction, additional mandatory reporting obligations may include:

  • Certain communicable disease reports to public health authorities
  • Reporting of clients who pose a public safety risk under specific state statutes (e.g., impaired drivers in some states)
  • National security investigations under specific federal law (notably, clinicians may be prohibited from notifying clients that disclosure was made)
Flowchart showing when a therapist can break confidentiality including imminent risk, abuse reporting, court orders, and permitted disclosures

Permissive Exceptions: When Therapists May Break Confidentiality

Permissive disclosures are situations where sharing information is legally allowed — but not legally required. Whether to disclose in these circumstances depends on state law, professional judgment, and the circumstances of the case.

Coordination of Care with Other Providers

HIPAA's Privacy Rule permits therapists to share protected health information with other treating healthcare providers for treatment coordination without written authorization. For example, you may share relevant clinical information with a prescribing psychiatrist or primary care physician involved in the client’s care. Best practice: document that the disclosure was for treatment purposes and that you applied the Minimum Necessary standard.

Billing, Insurance, and Audits

Disclosures necessary for payment — such as sharing diagnosis codes and treatment information with insurance carriers — are permitted under HIPAA without client authorization, within the limits of what is necessary for billing.

Clinical Supervision and Consultation

Therapists may discuss cases with supervisors or consult with colleagues as part of standard clinical practice. Identifying information should be de-identified whenever possible. When full disclosure is necessary within supervision, client consent is not required — but the context must be documented.

Preventing Serious Non-Imminent Harm

Some states permit disclosure to prevent serious harm that is not yet imminent. Whether your state allows this depends on your jurisdiction. When uncertain, consult an attorney or your licensing board.

Administrative and Compliance Requirements

Certain administrative disclosures — such as audits, quality reviews, and oversight activities — may be permitted under law. Always apply the Minimum Necessary Rule and share only what is required.

Confidentiality Breaches: What They Are, Consequences, and How to Respond

What Constitutes and Confidentiality Breach

A breach of confidentiality occurs when a therapist discloses protected client information without a legal basis or client authorization. Breaches are often inadvertent rather than intentional, but they carry serious professional and legal consequences regardless of intent. Common forms of breach in behavioral health practice include:

  • Discussing a client's case with friends, family, or colleagues outside a professional clinical context — including when no names are used (clients can be identifiable through contextual details, especially in smaller communities)
  • Leaving records, notes, or screens visible to unauthorized individuals
  • Discussing clinical information in public areas — waiting rooms, hallways, hospital cafeterias, public transportation
  • Sharing information with parties not covered by a signed release
  • Posting case details online, in professional forums, or on social media — even with identifying information removed
  • Sending records or communications through non-secure channels

Consequences for Clinicians

Breaches of client confidentiality are among the most common bases for licensing board complaints against counselors and therapists. Depending on the nature and severity of the breach, consequences may include:

  • Licensing board action: Complaints, investigations, sanctions, or revocation of licensure
  • HIPAA penalties: Civil penalties ranging from $100 to $50,000 per violation (up to $1.9 million annually per category); criminal penalties for willful violations
  • Malpractice liability: Civil lawsuits for damages resulting from the breach
  • Loss of client trust: Therapeutic alliance damage that may be irreparable

Steps to Take After a Confidentiality Breach

If a breach occurs — intentionally or inadvertently — take these steps:

  1. Stop the disclosure as quickly as possible if it is ongoing
  2. Document the incident in detail: what information was shared, with whom, how, and when
  3. Consult your supervisor or risk management department before taking further action
  4. Assess whether HIPAA breach notification is required — HHS provides a four-factor harm analysis to guide this determination
  5. Notify the client with transparency and empathy when legally appropriate and ethically warranted
  6. Review and remediate the practices or conditions that led to the breach
  7. Seek legal counsel if the breach is significant or if litigation is possible
Therapist Confidentiality Practice Kit with templates for informed consent, breach response, and disclosure documentation

Free Download

Get the Therapist Confidentiality Practice Kit

Three ready-to-use templates to help you explain confidentiality limits, respond to breaches, and document disclosures with confidence.

  • Informed Consent Disclosure
  • Breach Response Plan
  • Disclosure Documentation Log

Takes less than 30 seconds.

This field is for validation purposes and should be left unchanged.
Name(Required)
This field is hidden when viewing the form
This field is hidden when viewing the form
This field is hidden when viewing the form
This field is hidden when viewing the form
This field is hidden when viewing the form
This field is hidden when viewing the form

Educational resource only. Review with legal counsel and your state licensing board before use.

Know Your Local Confidentiality Laws

Though client confidentiality laws share commonalities, they vary meaningfully from state to state. Most states have mandatory "duty to warn" or "duty to protect" laws requiring clinicians to disclose confidential information when a serious threat exists — but not all.

Nevada, North Dakota, Maine, and North Carolina do not have mandatory or permissive duty-to-warn laws. Arizona, Delaware, and Illinois have varying duties depending on the licensed profession. In Maryland, counselors have a specific duty to warn police and the potential victim of an imminent threat if treatment does not first adequately address the risk. You can research duty-to-warn laws in your state through the National Conference of State Legislatures.

Privacy laws also vary by state. Some states have more stringent privacy protections than the federal HIPAA minimum. Review your state's statutes to understand exactly what applies to your practice setting and licensure.

Confidentiality and Minors

Confidentiality rules for minor clients are among the most nuanced in behavioral health practice, and they differ substantially from state to state.

Default rule: In most states, parents or legal guardians of minor clients have the right to access their child's treatment records. The minor is typically not the "holder" of privilege — the parent or guardian is.

Exceptions to parental access: Many states grant minors the right to consent to — and to receive confidential services for — specific categories of care without parental involvement. Common categories include:

  • Substance use disorder treatment
  • Mental health treatment (thresholds vary: some states allow independent consent at age 12 or 14; others at 16)
  • Sexual and reproductive health services, including STI treatment
  • Outpatient mental health services in some states

When disclosure could harm the minor: Most states also provide exceptions allowing clinicians to withhold information from a parent or guardian when disclosure would place the minor at risk of harm. This applies most commonly in situations involving domestic abuse, parental substance use, or family violence. If a parent demands records you believe would endanger the child, consult with your licensing board or legal counsel before disclosing.

Practical implication: At intake with minor clients, clarify what parents will and won't have access to, under what circumstances you might contact parents without the minor's consent, and how you'll handle records requests. Document this discussion in the clinical record.

Ethical Codes That Guide Confidentiality Disclosures

In addition to state and federal law, behavioral health professionals are bound by the ethical codes of their licensing and certification bodies. While the specific language varies, the major professional associations align on core principles:

American Psychological Association (APA)

Psychologists have a primary obligation to protect confidential information; disclosures should be limited to the minimum necessary; clients should be informed at the outset about the limits of confidentiality.

American Counseling Association (ACA)

Counselors protect client information, discuss the limits of confidentiality at intake, and disclose only what is legally required or necessary to prevent serious harm. The ACA Code explicitly calls for seeking consultation when uncertain about confidentiality obligations.

National Association of Social Workers (NASW)

Social workers protect confidentiality, limit disclosures to those necessary, and inform clients of exceptions at the start of the therapeutic relationship.

American Association for Marriage and Family Therapy (AAMFT)

MFTs protect confidential information and provide clear informed consent disclosures; unique considerations apply in conjoint therapy when one member of a couple or family discloses information the other is not privy to.

Shared principle across all codes: When uncertain whether a situation requires disclosure, seek consultation with a supervisor, colleague, or attorney before acting. Consultation itself is ethically encouraged and does not constitute a breach of confidentiality when handled appropriately.

How to Explain Confidentiality Limits to Clients

Explaining the limits of confidentiality clearly at the outset of treatment is both an ethical obligation and a practical clinical necessity. Clients who understand what is — and isn't — protected are better positioned to make informed decisions about what to share.

When to explain: At intake, as part of informed consent. Revisit as needed when situations arise that approach the limits.

What to Cover:

  • What information is protected by default
  • The specific circumstances in which you are legally required to break confidentiality (mandatory exceptions)
  • The circumstances in which you may break confidentiality with your professional judgment
  • How records requests and releases of information work
  • How electronic communication and telehealth affect privacy

Sample Informed Consent Language

All information you share in therapy is confidential, with the following legally required exceptions: I am required by law to report if I have reason to believe a child or vulnerable adult is being abused or neglected. I am required to take protective action if I believe you or another identifiable person is in imminent danger. I may be compelled to produce records or testimony by a court order. In all other circumstances, I will not share your information with anyone without your written authorization.

Practical Tips for the Conversation:

  • Keep the explanation plain and direct — avoid legal jargon
  • Invite questions rather than rushing through the intake form
  • Frame limits not as threats to the relationship but as legal obligations that exist to protect everyone
  • Prepare clients for how you'll handle public encounters (e.g., not acknowledging them to protect their privacy)

Need a ready-made confidentiality form?

Download the free Therapist Confidentiality Practice Kit, which includes a complete Client Confidentiality & Informed Consent Disclosure — already written to cover mandatory exceptions, permissive disclosures, and telehealth risks. Use it at intake, customize it for your practice, and never start from scratch.

Clinical Workflow: What to Do When You Must Break Confidentiality

When disclosure appears required or legally permitted, follow a deliberate process rather than acting reactively:

What to Do When You Must Break Confidentiality

Step 1

Verify the legal obligation. Confirm that a mandatory exception exists and applies to the specific facts of the situation. When uncertain, consult a supervisor, colleague, or attorney before disclosing.

Step 2

Apply the Minimum Necessary Rule. Regardless of whether disclosure is mandatory or permissive, share only the information specifically required for the purpose. Disclosing clinical history, diagnosis, or treatment details beyond what the legal obligation requires is both unnecessary and potentially harmful.

Step 3

Notify the client when legally permitted. In most non-emergency situations, inform the client that you are required to disclose and what information will be shared. This preserves trust and gives the client an opportunity to participate. Do not notify the client when doing so would create safety risks — for example, in some domestic violence or active threat situations.

Step 4

Make the required disclosure. Contact the appropriate party (law enforcement, child protective services, the potential victim, the court) and provide only the required information.

Step 5

Document everything immediately. Include decisions, contacts, and actions taken. See the documentation section below.

Step 6

Follow up clinically. Assess the impact of the disclosure on the therapeutic relationship. Address the client's response directly and therapeutically. Revisit the treatment plan as needed.

How to Document Confidentiality Exceptions

Thorough documentation is your best protection when a disclosure is required — both for legal defensibility and for clinical continuity. When you must break confidentiality, document the following in the clinical record:

Checklist showing what therapists must document when breaking confidentiality including risk assessment and disclosure details

Client statements and risk assessment:

  • The specific client statements or behaviors that triggered the concern
  • Your clinical assessment of risk (imminent vs. non-imminent, specific vs. vague, with/without plan or means)
  • Any consultation you sought and the outcome

The disclosure decision:

  • The legal or ethical basis for disclosure (specific statute, court order, or ethical code)
  • Why the specific exception applies to the facts of this case
  • That you applied the Minimum Necessary Rule

The disclosure itself:

  • Who was contacted (name, title, organization)
  • When and how the disclosure was made (phone, in person, written)
  • Exactly what information was disclosed
  • The response of the recipient

Client notification:

  • Whether the client was notified prior to disclosure and their response
  • If client notification was not possible or was clinically contraindicated, document why

Follow-up:

  • Actions taken after disclosure (safety plan, hospitalization, referral, follow-up contact)
  • Client's clinical response and any adjustment to treatment plan

ICANotes supports this documentation workflow with customizable progress note templates that allow clinicians to document risk assessments, disclosure decisions, and follow-up actions quickly and completely — with every entry time-stamped and stored securely.

Free Disclosure Documentation Log

Put the documentation framework from this section directly into practice. Our free kit includes a fillable Disclosure Documentation Log — structured to capture every element regulators and licensing boards look for: legal basis, client statements, what was disclosed, to whom, and follow-up actions. Part of the free Therapist Confidentiality Practice Kit.

Additional Tips for Behavioral Health Professionals

Knowing when to maintain or break client confidentiality can add stress and uncertainty to clinical practice. Here are a few additional principles to guide your judgment:

  • Learn the laws in your jurisdiction — state-specific statutes govern most confidentiality decisions in practice
  • Consider expanding your knowledge of risk assessments — structured risk assessment frameworks help you make and document defensible clinical judgments
  • Make sure your clients understand the exceptions to confidentiality — informed consent is both a legal requirement and a trust-building practice

When solving a confidentiality dilemma, remember the acronym DEAL:

  • Duty: Do you have a duty to maintain confidentiality?
  • Exception: Does an exception to your duty of confidentiality exist?
  • Ask: Ask a colleague, supervisor, or lawyer for help if you're unsure what steps to take.
  • Law: Know the laws in your jurisdiction, as well as your practice's privacy policy.
icons (26)

Frequently Asked Questions About Therapist Confidentiality

Can a therapist discuss a client with other professionals for advice?
Yes, but only under specific conditions. Clinical consultation is a standard and ethically encouraged practice to ensure high-quality care. Therapists must avoid sharing identifiable information unless the client has signed a release or the consultation occurs within a confidential supervisory relationship. Even then, only the minimum necessary information should be disclosed.
Can therapists talk about clients to friends or family if no names are mentioned?
No. Even without using names, sharing client information with friends, family, or anyone outside a professional context is a breach of confidentiality. Clients may be identifiable through contextual details, especially in smaller communities. Ethical and legal guidelines require that all details about clients — spoken or implied — remain private unless explicit consent is given.
Is it a violation to discuss a client's case online, even if anonymized?
Yes, it can still be a violation. Discussing client cases online poses serious risks even in professional forums. Clients may be identifiable from seemingly minor details. Anonymization is rarely foolproof, and many professional boards explicitly prohibit online disclosures. Therapists should never share case details online unless the client has given informed written consent and the platform ensures secure, private communication.
What should a therapist do if accidentally breaching client confidentiality?
If a breach occurs, take immediate steps to mitigate harm: stop the disclosure if ongoing, document the incident in detail, consult your supervisor or risk management department, and assess whether HIPAA breach notification is required. Notify the client with transparency and empathy when appropriate, and implement safeguards to prevent future occurrences.
How should therapists handle client encounters in public?
Therapists should not initiate contact with clients in public settings to protect their confidentiality. If a client acknowledges the therapist first, respond politely but avoid discussing anything clinical. Prepare clients in advance during intake for how public encounters will be handled, to avoid confusion or discomfort.
How should a therapist respond if unsure whether a situation legally requires breaking confidentiality?
When uncertain, do not act unilaterally — consult first. Reach out to a supervisor, colleague with relevant expertise, your professional licensing board, or a mental health attorney. Document that you sought consultation and the outcome of that consultation. Acting with due diligence — seeking guidance before disclosing — demonstrates good clinical judgment and provides legal protection if your decision is later questioned.
What should clinicians do when disclosure is legally required but the client refuses consent or becomes upset?
Explain clearly and calmly what you are legally required to do and why, while acknowledging the client's feelings and the impact on the therapeutic relationship. Assure them that you are disclosing only the minimum necessary information. Do not let client distress deter you from a legally required action — but document the client's response and your clinical management of it. Address the aftermath therapeutically in subsequent sessions.
How do confidentiality rules apply in couples or family therapy?
Confidentiality in conjoint therapy is significantly more complex than in individual treatment. When you treat multiple people together, each person holds their own confidentiality and privilege rights — but they are in a shared treatment context. Key considerations: Can one partner subpoena session records over the other's objection? (Generally, when both are clients, both hold privilege, and consent of both may be required.) Will you hold individual disclosures made in separate sessions confidential from the couple? Define your policy clearly in the informed consent process at the outset of conjoint therapy and document it. Many clinicians use a "no secrets" policy in couples work — disclosing to both partners that information shared individually may need to be addressed in joint sessions.
What are the confidentiality considerations for telehealth?
Telehealth introduces specific confidentiality risks that in-person practice does not. These include: ensuring the platform is HIPAA-compliant and that the Business Associate Agreement is in place with the vendor; confirming the client is in a private location before the session begins; using secure, encrypted communication channels for all clinical contact; ensuring records transmitted electronically are protected. Inform clients at intake about how digital communications are handled, how to use the platform securely, and what happens if a technical failure occurs during a session involving sensitive disclosures.
Can a therapist break confidentiality if a client expresses suicidal ideation without a plan?
Not necessarily, and clinical judgment is essential. Suicidal ideation without a plan, intent, or means — particularly in a client who has a stable therapeutic relationship and no history of attempts — generally does not require a break of confidentiality. The obligation to act arises when the threat is imminent and credible: a specific plan, identified means, stated timeline, or prior attempt significantly elevates risk. Conduct and document a thorough risk assessment at every session where suicidality is present, assess for changes in ideation, and consult when uncertain. Your assessment of imminent danger — not the presence of ideation alone — governs the disclosure decision.

How ICANotes Helps Protect Client Confidentiality

Maintaining confidentiality goes beyond ethics — it's a legal and clinical imperative. ICANotes is built with behavioral health privacy in mind, offering features that help clinicians safeguard client information with confidence. From HIPAA-compliant documentation and secure telehealth sessions to robust access controls and encrypted data storage, ICANotes ensures your practice stays protected. Whether you’re solo or part of a group practice, our platform supports secure workflows — including customizable templates for documenting risk assessments, confidentiality disclosures, and breach responses — so you can focus on care, not compliance risks.

Schedule a demo or start your free 30-day trial to see how ICANotes can support your confidentiality documentation workflow.

From High-Risk Situations to Audit-Ready Documentation — In Minutes

Knowing when to break confidentiality is critical — but documenting those decisions correctly is what protects your license, supports compliance, and holds up under scrutiny.

ICANotes helps you translate risk assessments, mandatory disclosures, and clinical decision-making into structured, defensible documentation — without starting from scratch.

  • Templates for risk assessment, disclosures, and documentation
  • Structured notes that support medical necessity and compliance
  • Guided workflows for documenting confidentiality exceptions
  • Faster documentation with clinically relevant language built in

Start your free 30-day trial — no credit card required.

Takes less than 60 seconds to get started

Recent Posts

Sexual trauma clinical response toolkit with checklist, clipboard, and documentation tools for behavioral health clinicians
04-27-2026

Sexual Trauma Therapy: How to Respond, Treat, and Document

therapist reviewing anxiety intervention flowchart with client selecting CBT exposure mindfulness or ACT techniques
04-08-2026

Interventions for Depression: Evidence-Based Techniques (CBT, ACT, DBT)

Illustration comparing ASPD and ADHD, highlighting differences between antisocial personality disorder and attention deficit hyperactivity disorder.
04-03-2026

ASPD and ADHD: How to Differentiate Antisocial Personality Disorder vs ADHD

Therapist reviewing a couples therapy treatment plan with measurable treatment goals during a counseling session
03-23-2026

Couples Therapy Treatment Goals & Plans: A Clinical Guide

Teen group therapy session with adolescents participating in a therapeutic group discussion led by a mental health clinician.
03-20-2026

Teen Group Therapy: How to Structure Effective Therapy Groups for Teenagers

Therapist using acceptance and commitment therapy techniques for depression during a counseling session
03-13-2026

ACT for Depression: Practical ACT Interventions That Work

Dr. October Boyles

DNP, MSN, BSN, RN

Dr. October Boyles is a behavioral health expert and clinical leader with extensive expertise in nursing, compliance, and healthcare operations. With a Doctor of Nursing Practice (DNP) and advanced degrees in nursing, she specializes in evidence-based practices, EHR optimization, and improving outcomes in behavioral health settings. Dr. Boyles is passionate about empowering clinicians with the tools and strategies needed to deliver high-quality, patient-centered care.

Sources and Resources for Further Learning