Naomi  Root, LMSW

Have you ever wondered how therapists actually maintain confidentiality? Maybe you’ve heard of HIPAA, the Health Insurance Portability Act. HIPAA is federal law, and it protects the privacy of your medical records and other personal health information. Your information belongs to you, and your therapist is required by law to maintain the privacy of this information, only to be shared in special circumstances.

Generally, interactions that take place outside of the therapeutic space should be limited to protect professional boundaries and maintain confidentiality. Let’s dive a little deeper… 

In what circumstances can a therapist disclose my information?

HIPAA laws are designed to protect your privacy. If a therapist believes that a client presents a serious and imminent threat to themselves or others, necessary information is disclosed to persons whom the therapist believes can prevent or lessen the threat of harm. Under all other circumstances a therapist cannot disclose any information or your health records unless you give permission for disclosure. 

Texting is tempting

Texting with your therapist between sessions may seem like a convenient way to check in or to ask follow-up questions. If you’re texting or emailing your therapist using your regular phone and email account, chances are your privacy is not guaranteed. Know that traditional texting is not HIPAA compliant, and could pose a serious risk to confidentiality and security. To maintain privacy, your therapist might text or email you using an encryption program, which protects messages and ensures they are for the intended recipient’s eyes only. The issue here is that encryption only works if both parties have the program downloaded or accessible on their phones or computers. If you do message your therapist be wary of the platform you’re using and consider whether the information you are sharing is highly sensitive. At Talking for Wellness we recommend limiting text messages to scheduling questions only. 

Phone calls

Know the risks! Standard phone calls and voicemails are not HIPAA compliant. Many therapists will talk with you about security concerns before encouraging you to discuss highly sensitive information in a call or on a voicemail message. 

Teletherapy sessions

HIPAA-compliant platforms ensure the safety and security of information exchanged between therapist and client. There are plenty of secure platforms that provide calling and video features, making teletherapy highly accessible under the proper conditions. The same confidentiality guidelines apply to teletherapy sessions, just as they would in a traditional in-office session. Check in with your therapist, or potential new therapist, if you have questions about teletherapy. At Talking For Wellness we use a HIPAA compliant platform to conduct video sessions.

What if I run into my therapist in public? 

People run into each other all the time; we understand that! Do not take offense if your therapist doesn’t acknowledge you in a public place. Your therapist is bound by HIPAA, legal and ethical standards, and professional courtesy to maintain confidentiality and safety. Acknowledging a client in public poses a threat to confidentiality. Some therapists will wait for you to acknowledge before saying hi or hello while in public. 

Can I friend my therapist on Facebook?

Some therapists and therapy practices maintain professional social media accounts. These accounts exist to provide information to the public about the therapy practice, and related topics. Therapists are acutely aware of professional boundaries, which is why you should not expect your therapist to be your Facebook friend, or connect with you in a way that might interfere with the therapeutic relationship. If you choose to follow professional social media accounts maintained by your therapist or therapy practice that is your decision. Do not take it personally if the account does not follow you back! 

My therapist has a privacy notice in their email signature. Does this mean the email is secure? 

Have you ever seen a privacy notice or a disclaimer in an email? It might look something like this, “Confidentiality Notice: The information contained in this transmission may contain privileged and confidential information…”  A privacy notice, albeit well intentioned, does not ensure privacy and is not HIPAA-compliant. The best way to safeguard email transmissions is to use a secure, encrypted platform especially if you will be transmitting private health information. 

These tips are here to help you and inform you! HIPAA is complex and applies to all covered entities and their business associates–which is a fancy way of saying health providers and anyone who is responsible for transmitting health information. 

If you are curious and would like to learn more, I encourage you to start by speaking with your own therapist about the security and transmission of your information!

This material is intended for general information purposes and does not constitute legal advice.