Legal, Ethical, and Professional Issues in Psychoanalysis and Psychotherapy
The Myth of Confidentiality
C. Roberts, M.A.
For hundreds of years the Oath of Hippocrates has served as the aspirational standard for confidentiality:
Whatever, in connection with
my professional service, I see or hear, in the life of men, which ought not to
be spoken of abroad, I will not divulge, as reckoning that all such should be
This standard has allowed patients to abandon their usual hesitancy to confess their experiences, concerns, behaviors, ailments, thoughts and fantasies to their health care practitioner. Their confidence to make such confessions comes from the covenant of trust to which we mental health practitioners swear. The confidential relationship between the therapist and patient has been considered part of the core foundation for building what we refer to as the "therapeutic alliance." Our covenant has been that we will serve the good and do no harm to those persons who seek our help and who trust us to provide it.
The psychoanalytic disciplines recently issued a joint statement emphasizing how critical confidentiality is to the success of psychotherapeutic treatment:
[There are] three ways in which confidentiality is critical to effective psychotherapy: (1) it enables individuals to obtain help in dealing with problems or feelings they may consider too shameful, troubling or socially embarrassing to share with family or friends; (2) it is critical to building the patient's trust in the psychotherapist and thereby fosters the 'therapeutic alliance'; and (3) it is a critical prerequisite to full disclosure....
All 50 states have in some form supported the obligation of therapists to maintain patient confidentiality by passing statutes that require it.
The concepts of privacy, confidentiality and privilege are related, but it may be helpful to clarify: The right to privacy is a Western philosophical concept. Privacy is considered essential to maintain human dignity and freedom of self-determination. It is the right of an individual to keep his or her thoughts, feelings, or personal data from being shared with others. Privacy is not simply the absence of information about us in the minds of others; it is the control we have over information about ourselves. Confidentiality, or the obligation to maintain confidentiality, refers to the general standard of professional conduct that requires a professional to not discuss information about a client with anyone. Privilege is a legal term rather than an ethical concept. The legal system has always had the inherent power to require witnesses to testify in court so that the judicial system will have access to all relevant information associated with a case. However, the law recognizes that there are certain special relationships that are viewed by our society as being so important that they deserve protection from such intrusion. Those special relationships are granted "privileged communication" status and are exempt from compulsory disclosure, with limited exceptions. "Special" relationships granted privileged status in most states are husband and wife, attorney and client, clergy and confessor, physician and patient, and therapist and client. Privilege is a right that must be granted by law and belongs to the client in a professional relationship.
Today the covenant of trust which we seek to establish with our patients is severely, and subtly threatened. Over a period of years the right to confidentiality has increasingly given way to others asserting their "right to know." As a profession we have failed to educate the public, legislators, and the judicial system about what takes place in therapy and the crucial role confidentiality plays in the process. As a profession we seem to be in denial about this progressive threat. We routinely reassure outpatients of confidentiality while ignoring the reality of the erosion of confidentiality.
Christopher Bollas, in his book, The New Informants, describes the history of the threat to confidentiality. In the early 60's, child abuse was brought to the attention of the public. Mandatory reporting laws were passed quite quickly with no opposition in all the states. During this politically correct legislative flurry, we professionals were nearly silent about the impact on the therapeutic process when confidentiality was no longer absolute. Over time, states have added stiffer mandatory reporting requirements and penalties--all of which have facilitated the erosion of patient confidentiality and patients' ability to trust that confidentiality truly exists. The original laws of the 60's allowed doctors to determine whether or not to report child abuse. The current requirement is to report the "suspicion" of abuse. Instead of laws protecting the confidentiality of a patient who confides his or her secrets in treatment, we developed laws protecting clinicians who breach confidentiality and report their patients to law enforcement agencies.
In 1974, the landmark Tarasoff case struck a tremendous blow to the covenant of confidentiality. The California court system ruled that confidentiality for patients is not a certainty and must yield to the greater welfare of the community. The Court's decree that "the protective privilege ends where the public peril begins" set a new standard of responsibility for therapists toward the public at the expense of their patients' assurance of confidentiality and trust.
Professional misconduct and its investigation also results in the breaching of patient confidentiality. When a patient files a complaint against his or her therapist, he or she does so knowing that the therapist will be legally released from his or her duty to keep confidentiality. The cost to a patient in these circumstances is not only that of having to deal with the misconduct of the therapist, but the public disclosure of his or her most secret thoughts, feelings, behaviors and experiences which the patient previously disclosed in good faith to his or her therapist.
We have an appalling legal situation associated with therapist regulation currently under Washington State law. If a complaint is filed by a third party who is not the patient, the Department of Health, which is the regulatory body for certified clinicians, can and has required therapists to breach confidentiality even over the protests of their patients. This has allowed third parties, such as a disgruntled parent or family member of an adult patient, to force the disclosure of private patient material despite the fact that the patient has not filed a complaint and, in fact, has testified that they are satisfied with their treatment and that they object to the violation of their confidentiality.
Clinicians celebrated the U.S. Supreme Court decision in Jaffee v. Redmond (1996), when the majority decision spoke to the value of confidentiality and affirmed the right of privileged communication for those patients who are in psychotherapy. The Justices stated that:
Effective psychotherapy depends upon an atmosphere of confidence and trust, and therefore the mere possibility of disclosure of confidential communications may impede development of the relationship necessary for successful treatment.
Interestingly, within months of the High Court's announcement of the protection of privileged communications between a therapist and patient, a district attorney in Oregon's Lane County ordered the secret taping of a confession made by an inmate to a Roman Catholic priest. This type of relationship, that is, priest-penitent, is also considered to be protected by "privileged" status. The outcry by the Catholic Church was swift, loud, and admirable:
Taping a confession is
morally and legally impermissible because the priest-penitent relationship is
sacred and protected under the First Amendment. Canon law forbids
any confessor to betray a penitent by any means or for any reason whatsoever.
A confessor who knowingly violates confidentiality incurs the penalty of
[This is unprecedented in American history. They know damned well that the relationship between a priest and a penitent is sacred. Would that we as a profession were that confident and bold, as the legal system appears to be regularly threatening so called "protected relationships" in their pursuit of their "right to know"!]
There is a more ominous threat to confidentiality that has come relentlessly from another direction: managing health care as a way to control costs has escalated the demand for information by those outside the therapeutic relationship. Managed care companies demand whatever clinical information they want with the rationale that it is needed to determine their own private definition of "medical necessity." Insurance companies, HMOs, self-insured employers, etc., are all asserting their "right to know." Mental health clinicians who accept third-party reimbursement through care managers are forced to divulge more and more confidential information in order to justify treatments.
Insurers have gained virtually unlimited access to what has traditionally been private information in at least two ways. When an individual enrolls in an insurance plan, the application form includes a nonspecific consent for the release to the insurer of all medical information. Agreeing to the release of medical information is a condition of enrollment. As individual reimbursement forms are completed the patient is again required to sign a blanket release of information. Despite the reality that the insurance benefit may have been purchased by either the patient or the patient's employer, the patient's confidentiality is something he or she must trade in exchange for mental health treatment.
The fact that most insurance is purchased by employers for their employees intensifies the violations of confidentiality. A recent University of Illinois study found that one half of the Fortune 500 corporations admitted to using employee medical records in making employment decisions. Of those corporations who made this admission, 20% stated that they did so without telling their employees. The practice of the employer purchasing insurance for their employees, which then allows the employer access to detailed information about their employees, is a conflict of interest. But there are no guidelines or codes of ethics with which to monitor these practices by employers or insurance companies and so far, the employees have not demanded a different practice.
Patients who hope to use medical insurance that is provided by self-insured employers to pay for their therapy have no legal means to prevent their employers from having access to their medical records. In fact, it is a common practice of HMOs to send letters to employers detailing the health problems of their employees. The U.S. Court of Appeals for the Third Circuit recently ruled that an employer's right to access an employee's health records outweighed the employee's right to privacy in health information. The decision grew out of a case that began in November 1992.
The South Eastern Pennsylvania Transit Authority (SEPTA), a self-insured employer, made a request for a printout from Rite-Aid listing all employees who were filling prescriptions for $100 or more for the purpose of monitoring costs. SEPTA pays the health care bills of its employees, and on that basis demanded the right to look at information about prescription drug use in an attempt to detect fraud and abuse and to ensure that the prescription benefits are meeting employees' needs. When the information arrived at SEPTA, it included employee's names and social security numbers. The SEPTA Chief Administratiave Officer noted that a fellow employee was being treated for AIDS. She casually shared this information with other co-workers. When the employee found out, he sued for invasion of his constitutional right to privacy. The Court of Appeals found that the man had no right to prevent this type of information sharing and had no remedies under the law. The Court stated that his right to privacy was no match for an employer's need to control costs.
The second way insurers have gained access to what has traditionally been private information is by co-opting therapists to help gather that information. Nearly all managed care provider contracts include a requirement that the health care provider will provide information for a variety of purposes upon the request of the insurer. When clinicians sign such an agreement, they become legally obligated to produce records, even without the patient's consent and despite the restraints called for in their professional ethics codes.
We must acknowledge that we clinicians who listen, take notes, and report to the insurance industry the patient's private communications, are willing participants in this unethical and counter-therapeutic practice. All of our professional ethics codes acclaim the centrality of confidentiality, but we skate out far too glibly from our moral and ethical obligations by hiding behind the "informed consent" escape clause. Our patients are being raped of their privacy and the opportunity for a therapeutic process built on a covenant of trust, and we participate in that rape.
Insurance companies have become much more directive with health care providers, sometimes dictating what questions patients are to be asked, along with a requirement to document the patient's responses. A physician practicing adolescent medicine has reported that as a part of "well visits" he is instructed to ask and document questions such as, "Do you have sex? Do you masturbate? How are your relationships with your parents, friends? Have you ever been pregnant? Have you had an abortions" This information becomes a part of the adolescent's medical records and then belongs to his or her parents' insurance company and will likely be made available to a national data bank.
The privacy of personal medical
information has in the past been protected primarily through state and common
law, and through the threat of litigation against health care providers who do
not meet their ethical and fiduciary responsibilities to their patients.
Insurance and managed care companies and self-insured employers are not
regulated by such laws, are not constrained by any ethics codes, and offer only
a contractual relationship rather than a fiduciary responsibility to their
subscribers or employees. Only 34 states have confidentiality laws that
protect an individual's personal health care information. Under current
federal law, an individual has more protection of their video rental records
than they do their health care information. A quotation from Benjamin Franklin
seems appropriate here:
Three may keep a secret, if two of them are dead.
The United States Congress has been a quiet participant in the erosion of patient confidentiality. In the past few years, legislators have proposed and considered a variety of health care bills that have redefined the term "confidentiality." All of the health care reform legislation introduced at the federal level has included a plan for the expansion of the "circle of confidentiality." All of this legislation required the creation of a National Health Care Data Bank and mandated the reporting of every clinical encounter. The proposed legislation has stipulated that healthcare providers were to be fined for each patient encounter that is not reported. Federal legislation is moving more in the direction of abandoning confidentiality altogether. They now define the confidentiality circle to include a large number of "authorized users" and/or "trustees." The list of "authorized users" is long and includes employers, insurance companies, data clearing-houses, government agencies involved in health care and law enforcement, and commercial information processing corporations. The authors of an Institute of Medicine Report stated that the number of parties with a potential need to know was so large that they would not even attempt to provide a complete list.
An article in Newsweek suggested that "the goal is to develop a birth-to-grave medical record on every man, woman and child in this country." With the rapid growth of information technology, a national, comprehensive, computerized medical database is certainly feasible. Current technology could make our entire health history readily and immediately available both to those seeking to save our lives and to those whose intent is totally self-serving. Not surprisingly, major contributors to these legislative proposals for the establishment of such a national data bank have been AT&T, IBM, Microsoft, and the financial reporting companies of Equifax and TRW. The Kassebaum-Kennedy Health Insurance Portability and Accountability Act of 1996 ... contains a section entitled, "Administrative Simplification." In effect, it makes the right to personal medical privacy subservient to the interests of the electronic data industry in administrative convenience. No privacy standard can be adopted unless it first serves the purpose of reducing administrative costs. Once implemented, the creation of large, centralized medical records data banks will forever make it impossible to give patients the guarantee of real confidentiality. We will be told, of course, that our records are confidential, but what will be meant is, it is accessible to all in the "circle of confidentiality."
The Vermont Psychiatric Association issued the following statement in a 1995 position paper:
rather than patient needs is determining the form of health reform and the laws
to protect privacy.... The right to privacy is more threatened now than at
any previous period in history. The art of healing is being replaced by
the business of medicine, and medicine is becoming a commodity to be bought and
sold according to the standards of corporate life. Computerization
so extends access to the clinical record, that the patient may never even know
that they have suffered an injury. They may only know that insurance has been
denied, that a job application was refused, or that a promotion was not given or
that a claim for disability is challenged by an employer.
Privacy and confidentiality, the foundation of the covenant of trust in the therapeutic alliance, is viewed quite differently by those advocating for expanding the "circle of confidentiality":
The notion of proprietary information is an archaic model. We should share information for the benefit of everyone. Medical-record information belongs to the patient, but you have to allow the individual to share it within an agreement. We need to overcome the barriers of confidentiality and privacy so the record goes from commodity to utility.
Recent media reports are already giving us hints about what we and our patients should expect when we disclose confidential patient information: At a Boston clinic, federal auditors demanded the names of patients seeking confidential AIDS treatment. After they had been given the names of the AIDS patients, they released them to other agencies. The Harvard Community Health Plan, a Boston HMO, admitted to routinely entering detailed notes of psychotherapy sessions into its computer records, which made them accessible to all clinical employees.
In Maryland, which became the first state to implement a state-wide medical database system, eight Medicaid clerks were prosecuted for selling, computerized record printouts of recipients' financial resources and dependents to sales representatives of managed care companies. In Miami, state officials fired a public health worker who used a confidential list of people with AIDS and RIV to screen potential dates and offered to do the same for friends at a bar.
Obviously it is not possible to protect the confidentiality of medical records by simply adopting rules against their misuse. It is imperative that we anticipate that persons who have access to records will misuse them. Misuse is even more likely when large numbers of persons are made part of the "circle of confidentiality."
So, what of our covenant of trust? The reactions of our professional disciplines to the antithetical political and corporate climate are mixed. Nine professional organizations representing more than 600,000 health and mental health professionals issued a "Bill of Rights" in February 1997, to protect individuals seeking treatment for mental illness and psychological and substance use disorders. The document reflects the joint concern of mental health professionals that people with psychological disorders, mental illnesses and substance use disorders are not being well-served in today's rapidly changing health care system. The Bill of Rights addresses the issue of confidentiality with this statement:
Individuals have the right to be guaranteed the protection of the confidentiality of their relationship with their mental health and substance abuse professional, except when laws or ethics dictate otherwise. Any disclosure to another party will be time limited and made with the full written, informed consent of the individuals. Individuals shall not be required to disclose confidential, privileged or other information other than: diagnosis, prognosis, type of treatment, time and length of treatment, and cost. Information technology will be used for transmission, storage, or data management only with methodologies that remove individual identifying information and assure the protection of the individual's privacy. Information should not be transferred, sold, or otherwise utilized.
It is difficult to know how
to interpret such a document issued by the major professional organizations,
when those same organizations are also courting managed care companies and
advocating for their members' inclusion on provider panels whose contracts
require the members to violate the above paragraphs in the Bill of Rights.
Those same professional organizations appear to take a stand for maintaining
confidentiality, but then re-write their ethics codes, adding phrases such as,
"...except as required by law," that permit breaching confidentiality.
Our professional organizations are, in effect, allowing politics to determine
our professional ethics. The American Medical Association recently issued
the following policy statement, which sounds hopeful at least on the surface.
The AMA believes that: (1) there has been an erosion of the confidential relationships between patient and health professional, which has resulted from growing outside demands for the information shared in this relationship for the purpose of patient care; (2) there is a need to sensitize the public to the intrusions into confidential medical information which can result from increased demands for accountability--substantiating health insurance claims, in litigation, and in medical care evaluation; (3) much of the erosion has emanated from the public, and properly so; however, an overemphasis on society's right to know, at the expense of the individual's right to privacy and confidentiality has resulted, and a better balance is needed.
All of these kinds of statements need to translate into some action. Corporate America has insisted they need to know the intimate details of our patients' thoughts, feelings, fantasies, and behaviors to determine the precise number of therapy sessions which are optimum for our patients--of course they have never met our patients! They have whispered in the ear of our legislative system and convinced it of the merit of national data banks filled with the details of our patients' lives. Just a few short years ago most members of our profession would have considered such a breach of the sanctity of the patient-therapist relationship an ethical offense. Many clinicians now consider it only a paper-work nuisance. For clinicians new to the field, this is an accepted part of practice, not an ethical or moral concern.
The question we as clinicians--those of us who still carry a dim torch--bound by our covenant of trust, must answer is " Are we maintaining and/or perpetuating confidentiality, or simply the myth of confidentiality?" If we honestly believe it is our responsibility to do no harm to our patients and to prevent future harm, we must take a public stand against the destruction of the covenant of trust. At the very least--a minimal ethical standard--we must provide a truly informed consent to our patients. This requires us to be completely honest about confidentiality limitations and information about what some of the possible outcomes might be for the patient, given the information that will be passed on to the insurance company. One therapist has added the following to her disclosure statement: "Should you elect to use your health insurance benefits to pay for psychotherapy, your diagnosis, symptoms, substance abuse issues (if any) and history will become a part of your permanent medical records. These records are often accessible to other insurance companies and on occasion can be accessed by employers and private investigators for credit reports." A more succinct approach is used by a California psychologist: "If you pay me directly, everything's between us. If you use managed care, there's just no confidentiality."
In the current cultural climate, clinicians might actually do well to "Mirandize" their patients prior to their first session:
1. You have the right to
2. Anything you say can and will be used against you.
3. You have the right to talk with a lawyer and have him present with you while you are in therapy.
4. If you cannot afford to hire a lawyer, you probably ought not to begin this process.
5. You can decide at any time to exercise these rights and not answer any questions or make any statements.
I wonder how many patients would actually proceed with therapy.?
As confidentiality concerns
have gained our attention, the Oath of Hippocrates has frequently been quoted as
the historical basis for preserving patient confidentiality. The portion
that is typically quoted is this: Whatever, in connection with my
professional service, I see or hear, in the life of men, which ought not to be
spoken of abroad, I will not divulge, as reckoning that all such should be kept
The next sentence is generally omitted. It is too bad. The strength of it conveys just how seriously Hippocrates took his oath: While I continue to keep this Oath unviolated, may it be granted to me to enjoy life and the practice of the art, respected by all men, in all times. But should I trespass and violate this Oath, may the reverse be my lot.
From the point of view of the Legal, Ethical, and Professional Issues Committee, Judy Robertsí frank account of the obliteration of confidentiality in the current "health-care delivery system" is an excellent summary of the dangers facing individuals seeking psychotherapy paid for by third-party payers and of the acquiescence of our professional organizations in the erosion of privacy and professionalism. This article was first published in the newsletter of the National Coalition of Mental Health Professionals and Consumers, a group that works to bring public attention to the problems and abuses in the current health care system and to find workable alternatives to managed care. While the Academy rejects the premise that psychoanalysis is health care (seeing it as a means of self-exploration and understanding rather than a "treatment" for "mental disorder"), we agree with Ms. Roberts' assessment of the current situation and strongly support her argument that such breaches of confidentiality are inherently unethical.
Legal, Ethical, and Professional Issues in Psychoanalysis and Psychotherapy
Contents Legal Ethical Professional Contact Us Bibliography Round Table
Academy Home Academy Programs
ACADEMY FOR THE STUDY OF THE PSYCHOANALYTIC ARTS