Nothing and nobody is perfect. And that’s true of the therapist/client relationship when it comes to maintaining the confidentiality of our work together. The Rule is — I will disclose nothing without your consent. That’s easy. But then there are many important exceptions that may arise.
Limits imposed voluntarily:
- Access to patient information in the work setting. Although I do not ordinarily have staff or co-workers, I may ask other psychologists to cover for me if I am out sick or traveling. I may also consult with other professionals for clinical, legal and/or ethics advice, and for things like billing and computer technical support.
- Disclosures I may make in my own judgment without further consent. If I believe you are a danger to yourself or others, I will call appropriate authorities, known friends and/or family members. I will warn people if I believe they are in grave danger. This includes physical violence as well as things like transmitting dangerous diseases such as HIV/AIDS. I may disclose information to parents or guardians of patients who are under 18.
- Dual relationships or conflicts of interest. We may discover, for example, that we both know another person, who might be a friend or acquaintance, or a former or current client. We may even have to stop meeting if that happens.
- Contracts with third parties. For example, your insurance company or someone else paying for these services may have access to my records for audits and quality assurance. At minimum, an insurance company, referring employer or lawyer will know that we are meeting.
- Record keeping. I maintain treatment and business records, including correspondence and billing data, in electronic (“digital”) format rather than paper whenever possible. I take reasonable precautions to ensure that all information is stored, transmitted and backed up securely. No unauthorized persons have access to my paper or digital records. However, I do not guarantee or indemnify against loss or disclosure of information caused by physical or identity theft, damage to equipment or storage systems, or other events beyond my control.
Limits imposed by law (federal and state):
- I have a legal duty to report known or suspected abuse of children and elders.
- Parents generally have access to a minor child’s treatment records.
- Legal proceedings started by you other others may grant access to my records, such as: when your mental health or injuries become a legal issue; custody/visitation disputes; child or elder abuse cases; workers compensation or other workplace/employment issues.
- Involuntary commitment proceedings (hospitalization) means disclosure.
Possible redisclosure of the information:
- I cannot control what other people and agencies do with disclosed information. For example, your waivers in legal matters, or applications for insurance or loans can trigger redisclosure.
- If you are required by someone such as a court, Department of Human Services, Probation or Parole Officer, Child Protective Services, Social Security, state welfare, or similar agency to attend assessment or therapy sessions, or if someone else is paying your bill, you agree that I may report to them about your attendance and progress in treatment.
Electronic Communications (email and text messaging)
- An individual has the right under federal privacy rules (HIPAA) to request and have a health care provider communicate with him or her by alternative means or at alternative locations, if reasonable. For example, a health care provider should accommodate an individual’s request to receive appointment reminders via e-mail, rather than on a postcard, if e-mail is a reasonable, alternative means for that provider to communicate with the patient.
- By the same token, however, if the use of unencrypted e-mail is unacceptable to a patient who requests confidential communications, other means of communicating with the patient, such as by more secure electronic methods, or by mail or telephone, should be offered and accommodated.
- Patients may initiate communications with a provider using e-mail. If this situation occurs, the health care provider can assume (unless the patient has explicitly stated otherwise) that e-mail communications are acceptable to the individual. If the provider feels the patient may not be aware of the possible risks of using unencrypted e-mail, or has concerns about potential liability, the provider can alert the patient of those risks, and let the patient decide whether to continue e-mail communications.