By Alice || Edited by Go Ask Alice Editorial Team || Last edited Sep 23, 2022
Let us know if you found this response helpful!

Cite this Response

Alice! Health Promotion. "Will my therapist respect confidentiality?." Go Ask Alice!, Columbia University, 23 Sep. 2022, https://goaskalice.columbia.edu/answered-questions/will-my-therapist-respect-confidentiality. Accessed 21, Nov. 2024.

Alice! Health Promotion. (2022, September 23). Will my therapist respect confidentiality?. Go Ask Alice!, https://goaskalice.columbia.edu/answered-questions/will-my-therapist-respect-confidentiality.

Dear Alice,

Is a therapist ever allowed to use/share my information without my knowing (for publications, case studies, etc.), provided he/she conceals my identity or otherwise makes me "untraceable"? I'm worried about becoming "material."

Thanks.

Dear Reader,

As you may be aware, the rules about health care privacy and confidentiality can be a bit complicated, but your question presents an opportunity to explore the issue further. Overall, the privacy and confidentiality of mental health or medical information is protected by state and federal laws, which are designed to protect how personal information is shared, maintain a person’s trust in their health care provider, and encourage them to seek care when necessary. In most cases, information found in your medical and mental health records can’t be shared without your authorization. However, health care information that lacks any personally identifying information can be used for research purposes. If this is something that you're concerned about when seeking care, this is a topic that you can discuss with you mental health provider and learn about whether or not they conduct research and if so, discuss more about how they use patient records. 

The laws to protect the privacy and confidentiality of mental health information and medical information are there to support patients. Additionally, these regulations provide protocols for events in which health information may need to be shared. Some research studies obtain a Certificate of Confidentiality (CoC), which is issued by the National Institutes of Health (NIH) or the Food and Drug Administration (FDA), to protect against forced disclosure of identifiable information. Additionally, if you’re worried about the confidentiality of notes taken by your mental health professional during a session, you may find it helpful to know that special privacy rules exist to protect this type of information and address concerns regarding their potential inclusion in publications or case studies.

When it comes to your mental health information being used for research purposes, the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule allows for de-identified health care information to be used in publications or for studies without consent from the individual. The key word here is de-identified, meaning the information must not contain any protected health information (often abbreviated as PHI). PHI is any identifiable health information about an individual, such as name, geographical location, and email address. It also includes details about an individual's past, present, or future health conditions, any care an individual receives, as well as health care payment information. The rationale behind this privacy rule is to allow information to be used for research or other endeavors without jeopardizing a patient’s privacy. While HIPAA’s privacy rule is a federal regulation that provides the minimum level of protection, states may have their own additional PHI regulations. It should also be noted that individuals can give explicit authorization for their PHI to be used or disclosed for research purposes. That being said, one caveat is if an individual changes their mind and doesn't want their information to be used, the researcher is still legally able to continue to use and disclose the PHI that they’ve already obtained to maintain the integrity of the research. Any new information collected after the individual has changed their mind, however, can't be used for research purposes. If you know immediately that you don't want your mental health professional to ever use your information for research purposes, that is something you can discuss with them upfront. 

Furthermore, in terms of mental health records in general, there are special privacy protections in place under HIPAA for psychotherapy notes. Psychotherapy notes are ones taken by a mental health professional that aren’t included in a patient’s medical record. A patient must give their authorization to have psychotherapy notes disclosed for any purpose. This is because these types of notes often contain sensitive information and aren’t needed for treatment, payment, or other operational health care purposes. However, there are a few exceptions to this authorization rule, such as when a mental health professional has reasonable suspicion that abuse may be occurring (as they are required by law to file a report). Another instance in which a mental health professional can break confidentiality is if they believe the individual may be a harm to themselves or others. Having said that, a mental health professional will usually not break client confidentiality if a client tells them they've been thinking about suicide. A break in confidentiality usually only occurs if the individual has expressed intent to act on said thoughts or if they have a specific plan made. Moreover, the Privacy Rule does allow health care and mental health providers to communicate relevant health information with a patient’s family, friends, or other individuals involved in the patient’s care, as long as the patient has consented to sharing. If the patient is unconscious or incapacitated, the information can be shared with this same group of people if and when the health care provider determines that it’s in the patient’s best interest. Lastly, if the patient is a minor, a health care provider or mental health professional may be able to disclose some of the information discussed to their parents.

If you’re worried about your privacy being breached, it may be helpful to have a discussion with your mental health professional. This could be an opportunity to review a copy of the Notice of Privacy Practices (which providers are required both to share with and ask for a signed acknowledgement of receipt from their patients) together, voice concerns, and establish a common ground regarding needs, expectations, trust, and intentions with them. Learning more about their practice may also be reassuring. While plenty of mental health professionals conduct research, plenty focus exclusively on working with patients and would never be using records for research purposes. You may find it reassuring to seek care from a mental health professional who doesn't conduct research in any form. You could also find out about specific regulations regarding client privacy by contacting your state’s board of psychology. If you continue to feel uneasy after this conversation, you may also want to check out our Q&A on how to find a therapist in order to discover tips on how to find a provider that’s a good match for all your needs. 

Hope this information helps,

Let us know if you found this response helpful!
Was this answer helpful to you?