Bernard McDowell, lcsw
Psychotherapy & Couples Counseling
2700 SE 26th Avenue Suite D, Portland, OR
| Confidentiality: Therapeutic Importance, Legal Definitiions, and Loopholes
by Bernard McDowell, lcsw copyright 2003
therapy, the term confidentiality once meant that anything a
client told a therapist remained strictly between the two of them.
Absolutely no identifying information was revealed about the
client to anyone else--no exceptions. This article elaborates
why that policy served as a cornerstone for the practice of
psychotherapy both for each individual client and the whole institution
of therapy. Unfortunately over the course of decades, many
laws and the orthodox practices of the insurance industry effectively
eroded the original value of "confidentiality" beyond recognition.
Today there are many different operational definitions of
confidentiality from state laws, licensing boards,
associations, a new federal "privacy" law, and a US Supreme Court
ruling in 1996. This article offers a general overview of
these issues. Other related articles include my "Privacy
Notice" consistent with new Federal Law and a general disclosure
statement about my practice. Though
written to be read as a whole, each of the sections
below hold up on their own--so you may click on any sub topic to the
right or simply begin reading directly below.
things I see or hear concerning the life of Whatsoever I see or things
I hear from a man, in any attendance on the sick or even apart
therefrom, which ought not to be voiced about, I will keep silent
Importance of True Confidentiality In a Therapeutic Relationship
The word, confidentiality, derives from
the Latin meaning to keep faith with or to maintain "fidelity" with
another person. One dictionary defines fidelity as "implying
the unfailing fulfillment of ones duties and obligations and strict
adherence to vows or promises." Modern research
supports the wisdom of strict confidentiality and historical archetypes
underscore its value. Dr. Joan Boresynko, a noted
medical researcher on the intersection of mind/body phenomena, reports
on a number of experiments done on confidentiality and the value of
sharing. For example, one experiment simply asked subjects to
speak their secrets to a shower curtain hung up against a wall. The T-cell
count in their blood went up indicating a strengthened immune system.
The preamble to the so called "privacy standards" issued by
the Health and Human Services Department in December 2000 cites
research that adolescents avoid treatment or withhold
important information if they can't count on privacy.
However, modern experiments with
statistical analyses aren't necessary to appreciate confidentiality.
The famous psychologist, C.G. Jung, proposed that the
practice of confession in Catholicism prefigured psychotherapy.
Priests' vow to keep all confessions a complete secret
created a safe place for people to seek forgiveness. Other
religions and healing practices guard private consultations.
Until recently by the Hippocratic Oath, medical doctors were
held to confidentiality. Issues related to confidentiality
show up in literature, myth, and fairy tales. Allen Chinen,
M.D., a Jungian analyst, collected old teaching tales from around the
world about depressed men. Across cultures, similar themes
appear. For example, in a tale about an Italian peasant
depressed over a lost wheat harvest, a key element in his healing
revolved around the struggle to open emotionally to his wife while
remaining selective with the landlord. So, confidentiality is
important, but why? how does it work?
The therapy process conducted in strict
confidentiality serves as a sacred trust for the client's inner life.
Therapy offers a deep invitation to a person to explore the
whole range of his or her experience including the most sensitive,
fragile aspects--without fear of judgment or reprisals.
Provided iron clad privacy, clients are freer to begin
unearthing parts of themselves they don't like or don't want
to admit to--to themselves not just the therapist; that's
often a crucial step to free ourselves from outworn, painful patterns.
(Much more could be added about how the very formation of
psychological identity develops and how that relates to
confidentiality--but that is beyond the scope of this brief article.)
Rulings and Legislation
ushered in much state legislation requiring doctors and therapists to
report child abuse. In 1976, a California court issued the
"Tarasoff" decision mandating therapists to break confidentiality if a
client shared their plans to physically harm somebody. By the
late 70's, insurers began covering mental health. Diagnostic
codes became standardized encapsulating a great deal of information
which insurers insisted on having to an ever increasing degree.
With the advent of managed care in the '80's & '90's,
HMO's demanded routine detailed access to symptoms, "multi-axis"
diagnoses, treatment plans, progress, medications, substance use or
abuse history not only of the client but "family history", etc..
These trends were slowed by a 1996
Supreme Court case, Jaffee v. Redmond. The Court held that
statements made to a therapist during a counseling session were
protected against civil discovery under the Federal Rules of Evidence.
Recognizing that a breach in confidentiality in one
case compromises the whole institution of therapy, the Court
ruled in favor of a client's rights to have records kept confidential
even in a case where a violent death occurred. The Court
wrote it "serves the public interest by facilitating the appropriate
treatment for individuals suffering the effects of a mental or
emotional problem. The mental health of our citizenry, no less than its
physical health, is a public good of transcendent importance.''
To date there have only been a few tests of Jaffee, so it has
yet to be determined how much influence it will have on similar cases
or whether it may be used to stop the intrusions of managed care or a
new Federal law on "privacy".
Unfortunately legislation, managed care
practices, and insurance companies' demands to audit information
continue to severely distort the meaning of confidentiality as it was
once conceived. Furthermore, over the last decades there are numerous
examples of entire data bases of medical records being left in garbage
cans, in discarded computers at a thrift store, or posted on line for
anyone to view. Therefore people seeking therapy
may do well to investigate what will happen to information shared with
a therapist or doctor. It is certainly still possible to gain
a high degree of confidentiality with a psychotherapist but only by
educating oneself and carefully considering whether to use insurance or
New Federal "Privacy Rule"--A Few Practical Cautions
There is a
new Federal Law--so called "privacy law", Health Insurance Portability
and Accountability Act [HIPAA]. Though citing the Supreme
Court's "Jaffee" decision, HIPAA proceeded to leave the notion of
confidentiality in shreds. Originally HIPAA was
planned as protection against electronic transactions only
given how information is increasingly vulnerable to interception on the
net, hack attacks into medical files, etc.. The law now
covers information shared electronically but also written records and
"oral communications". Under intense lobbying pressure from
major corporations, the Health and Human Services Department, authors
of HIPAA, also institutionalized access to information traditionally
kept between doctor and patient. For
instance, most of what used to be considered psychotherapy
records is now specifically defined as part of the "medical record"
which can be released for many different purposes without a
client's consent. But what does that mean? does it
have implications for the average citizen?
Reasonable people might wisely prefer to
not have certain information in their "medical record" in numerous
circumstances--including anyone divorcing and anticipating a
child custody conflict, anyone in the public eye such as a politician
or someone with minor celebrity status,
anyone planning on going into business or applying
for life insurance, doctors or therapists
when they are in the role of patients, and on and
on. Drugs and sexual matters are particularly sensitive
concerns. Under HIPAA, law enforcement
agencies have the right to examine your records without your
consent. Wow, the list is beginning to grow!
Following are a few illustrations; but first, on a positive
note, under HIPAA, a more stringent state law takes precedence.
In Oregon, there are still state laws that require consent as
do professional ethics though there are different requirements for
different licensure categories and a number of exceptions.
Some of these--court orders, child abuse, potential harm to
self or others--are elaborated at Confidentiality
In My Practice. Later, we'll consider how
to best protect your privacy. Also, HIPAA distinguishes
between a consent and an authorization. A consent is not
needed for release of information for "treatment, payment, or health
care operations" while an "authorization", a document with specific
requirements, is used for most other disclosures.
On the side of caution and informed
consent, consider a few examples of increasing infringements on medical
records. Prior to HIPAA, a specific written
authorization would be needed for a therapist to talk with a client's
family doctor. Now, a consultation is defined as part of "treatment" so
a therapist and doctor (or a referring provider) may share any and all
clinical information they deem necessary without the client's consent
or even bothering to inform him or her. Nor is consent needed
when information is used for "health care operations"; but that
includes everything from "quality control" to the "business" meetings
of insurers to fundraising for hospitals. Consents aren't
required for "payment" which includes many functions allowing for
exchanges with "consumer reporting agencies" and debt collection
companies which are specifically given permission to approach spouses
and parents with some information (formerly protected as a sacred
trust). Therapists may use all client
information for training programs. This short list doesn't
begin to enumerate the range of "disclosures" which HIPAA permits
formerly regarded as strictly under the control of the client!
Again, while some rationalization is proffered for each of
these "exceptions", taken as a whole it's clear that confidentiality
can hardly be taken for granted. Let's review a few more
examples before charting what a client might do--in lieu of, what used
to be, a simple matter of trusting that information about their most
private lives will be respected.
One insurer, the Hawaiian Health Plan,
covers about 70% of the population there. But recently that
health plan, a corporate enterprise, required all doctors doing
business with them to agree to let the insurer examine the doctors'
personal medical records at the insurer's bidding.
Presumably, that's to protect the insurer from doing business
with fraudulent, incapacitated, or otherwise impaired doctors.
But that requires most doctors to drop 70% of their business
or give up the confidentiality between themselves and their doctors--a
centuries old value!! But remember a great deal of
psychotherapy information is now considered part of the medical record
under Federal Law. So if those doctors ever went to a
therapist, they will be giving their permission for the insurer to read
"any summary of diagnosis, progress, treatment plan, functional status,
prognosis, results of clinical tests, modalities and frequency of
treatment, medication: prescription and monitoring", and "any other
information necessary for treatment or payment”. That list is
verbatim from the law. In another passage in the Federal
Register, HIPAA adds "themes of psychotherapy" sessions to items
belonging to the medical record .
Note that scenario isn't confined to
Hawaii. In recent times, many if not most managed care panel
applications ask therapists if they've ever had a "psychiatric
diagnosis" and to supply details if they had. In effect, that
meant that any therapist who ever had therapy paid for by insurance
(because insurance only pays for treatment with a diagnosis).
Keep in mind that many graduate programs require their
students in fields related to therapy to do therapy themselves.
These examples cited doctors and therapists but
bear in mind that the whole medical field comprises a significant
percentage of the entire workforce of the country.
So OK? Still, so information is released
but how will that be a problem? Certainly, there is the potential
humiliation for a doctor on a relatively small island to do business
with executives at an insurance company that know all about his or her
depression over a divorce or a case of herpes or an affair or a
thousand and one other things. Not just for these Hawaiian
doctors but for virtually anyone, the mere fact of having received one
of the mildest mental health diagnoses (called "adjustment disorders")
may result in getting turned down for both health and life insurance
for up to a year or longer. As painful as it is, divorce is
quite common these days. People often have depressive
reactions going through divorce with agonizing decisions about child
custody arrangements. Therapy may prove very helpful yet such
a person may do well to carefully evaluate what records will be kept on
them and the conditions under which they may be released.
Workers compensation, numerous other examples and for each
the laws may be complex.
There are many other giant loopholes in
HIPAA as well. It requires all providers and health plans to
give each client a "Privacy Practices Notice" on the first visit as the
cornerstone for assurance of privacy. The Notice supposedly
describes how the client's information will be protected; but if that
notice contains a clause reserving the right to change it, it may be
changed at any time--and those new changes apply
retroactively to information the client gave the doctor or therapist
based on the old privacy practices. This set up so
lacks in integrity that to begin therapy by giving a client a Privacy
Practice Notice without pointing out this loophole makes a joke of the
client's trust from the very first contact. Well, the list of
problems is lone and this forum is too small to do justice to the
topic. So, it is time to put the question, what is
the best way to protect your confidentiality?
To Protect Your Confidentiality
If you are
looking for a quick formula to best ensure
confidentiality, it might simply be 1) do not use insurance
or any third party payer, and 2) find a therapist in a solo
private practice who only keeps notes on paper, doesn't
engage in any electronic transmissions, and satisfies you about their
attitude and practices about confidentiality (there are a number of
questions suggested below). If you do use insurance, as
explained below, a PPO plan is better than an HMO with regard
to your confidentiality. If you do use an HMO, you may, at
least, tell your therapist that you'd like to explore together
what information your therapist sends to them.
If you do choose to use insurance, you may never
have a problem! However, there are plenty of
potential concerns and they're not all that rare. Know that
once your therapist sends information to an insurer the therapist no
longer has any control over how it is disclosed. There are a
number of circumstances in which insurers send information to the
Medical Information Bureau in Massachusetts which in turn sends that
info to other insurers--e.g., when someone has been turned
down or is applying for health insurance. Some states have
laws mandating that if you file a workers compensation claim, the
insurer and the employer have the right to examine your records.
Many companies are self insured--in fact, a common example
are hospitals or HMOs themselves--typically large employers.
By HIPAA those companies are supposed to separate
information obtained in their function as an employer from their
function as an insurer. But that begs the question of whether
someone wants to trust the employer with their most private information
(and if that is psychologically healthy).
Indemnity insurance or a PPO
[preferred provider] health plan generally intrudes less
than an HMO or an insurer with a managed care company handling its
mental health coverage. Preferred Health plans typically
require a therapist to file a HCFA form, a standard Federal billing
form used by doctors and therapists. The only intrusive
information that form requires is a diagnostic code. However,
those codes, though just a few digits, do sum up quite a bit of
information. For example, 296.32 refers to Major Depression
recurrent with moderate severity. That in turn means that the
person had 5 or more from a list of 9 depressive symptoms for two weeks
or longer. That list of 9 includes "suicidal ideation",
"feelings of worthlessness", and difficulty concentrating.
That's all very much in the normal range of a reactions to
normal developmental challenges at one time or another in our lives.
But not the type of info you'd want a prospective employer to
know! You certainly wouldn't put it on your resume.
Yet under HIPAA an employer is allowed to ask for
your authorization for the release of medical record--information
that will be in your record if you used insurance.
To assess a prospective therapist's
reliability concerning confidentiality, I'd suggest asking
questions before sharing any personal
information. You might start off with a broad question like,
"how do you keep your records confidential?". But bear in
mind that capsule replies such as "I keep your records strictly
confidential" or "we offer strict confidentiality according to the law"
don't really mean much as the above examples make clear. Most
therapists will give you information in writing at the first session
about confidentiality. But that's generally a boilerplate
required by law or professional organizations. You might wish
to inquire further to get a sense of the therapist's attitude
about keeping your confidence. Relevant concerns include
whether records are kept on computers or on paper. If on
computer, whether they go on-line with that same computer? Is
it a lap top? do they take it out of their office? do they have their
access to their files protected?
Of course, after a few of these questions
you get a sufficient sense of the therapist's attitude to satisfy you.
For those who are interested, here are some other areas to be
aware of. Many therapists belong to consultation
groups with their peers who discuss cases together.
While that has important benefits, it also entails the issue
of whether the therapist shares any information that identifies
clients--under HIPAA that's allowed but not necessarily under state
laws and professional practice. Does the therapist
freely discuss cases with their spouse or partners?
The answer to this should be a quick clear, resounding "no"..
By the way, it's normal practice for a therapist to have a Professional
Will naming another professional to take possession of the
therapist's records in an emergency or they may name some one to call
you to cancel an appointment in the case they are incapacitated.
Notice whether the therapist let's you know that upfront?
Those are all indications of a therapists detailed attention
to what maintaining confidentiality entails.