Breaches of Client Confidentiality by Counselors

Confidentiality is a cornerstone of effective counseling, but there are certain scenarios that require breaches of client confidentiality by counselors. 

For clients to feel comfortable sharing their mental and emotional struggles, they need to be able to trust that their counselor will keep their information private. Clinicians should preemptively and thoroughly discuss any limits of confidentiality in counseling with clients.  

While there are some instances where sharing confidential information is necessary under the law—and other instances where a client might request their confidential information to be shared—maintaining confidentiality should be a counselor’s default position. 

Therapists sharing confidential information, without the legal authority to do so, are examples of breaches of client confidentiality.

Breaches of client confidentiality by counselors can have serious consequences for a counselor, including malpractice lawsuits, fines, or action against their license. In egregious cases, counselors who willfully breach client confidentiality may even face criminal charges.

Counselor and therapist confidentiality laws

Confidentiality in counseling is governed by both state and federal law in the United States. 

At the federal level, HIPAA governs how private data is managed and how clients should be informed of their rights. 

State therapist confidentiality laws, meanwhile, typically spell out both the counselor’s obligation to maintain confidentiality and the specific exceptions to that obligation. 

These laws are reinforced by professional codes of ethics, which demand that counselors maintain confidentiality in accordance with privileged communication statutes..

Confidentiality laws typically require counselors to keep all aspects of a counseling relationship confidential—even the existence of that relationship. 

Counseling confidentiality laws are also typically upheld posthumously—outliving both the client and the counselor. Even if either party dies, the client maintains a legal right for their counseling to be confidential.

Confidentiality in counseling

Counselors may take a number of steps to ensure their clients’ privacy. 

Many counselors take extra measures to ensure their offices are private—designing them to prevent  breaches of client confidentiality by counselors. Design choices may include: tinting exterior windows, installing sound machines for soundproofing , and having a separate entrance and exit. 

During phone or telehealth counseling sessions, counselors need to ensure that they are in private and confidential spaces when delivering services. They should also carefully choose telehealth platforms with industry-leading security measures to make sure there aren’t any cybersecurity threats that could compromise the confidentiality of their call.

Most importantly, counselors need to be cautious when and how they share information about existing clients, even when outsiders request specific information. 

A family member of an adult client might call a counselor to request information about the client’s next appointment, or about how their treatment is going. However, without specific authorization from the client, or legal limits of confidentiality in counseling, the counselor will not share any information with the caller. The counselor will not even acknowledge that the client is a client.

Limits of confidentiality in counseling

Specific exceptions to confidentiality can vary based on the counselor’s location. Still, there are a handful of situations when breaches of client confidentiality by counselors are legally mandated in many jurisdictions. 

These exceptions to confidentiality in counseling include:

• When the client poses imminent danger of severe bodily harm to themselves or others
• When the counselor reasonably suspects child, elder, or dependent adult abuse
• When the counselor has received a court order from a judge
• When the counselor has received a release of information or other appropriate legal authorization from the client

Even within these instances, there can be meaningful differences from place to place. For example, jurisdictions have different definitions for who qualifies as an “elder,” or what types of abuse must be reported.

The list above encompasses situations where a counselor is obligated by law to share otherwise-confidential information. However, states may also define certain scenarios in which breaches of client confidentiality by counselors are allowed, but not required. 

For example, states may allow breaches of client confidentiality—but not require information sharing for research purposes—for the purposes of licensing board investigations, for reasons related to public health emergencies, or for a variety of other reasons. 

In these situations, counselors must balance the client’s expectation of privacy against the counselor’s role in the community, or society, at large. 

When the law allows but does not require the sharing of otherwise-confidential information, the American Counseling Association (ACA) Code of Ethics encourages counselors to lean toward maintaining confidentiality. However, releasing information in those instances would not violate the ACA code.

Privileged communication statutes 

In most jurisdictions, communications between a counselor and a client are considered privileged. This means that they cannot be utilized in a court proceeding. 

Just as spouses cannot be forced to testify against each other in court (spousal privilege) and an attorney cannot be forced to testify against their own client (attorney-client privilege), counselors cannot be forced to testify against their own clients. 

If a court could compel such testimony, then clients might be far less likely to reveal any past criminal acts, or secrets they felt could be used against them in a court of law, to their counselors.

With its focus on court proceedings, privilege is a narrower concept than confidentiality. Confidentiality applies across settings. 

Examples of  breaches of client confidentiality by counselors

When we think of breaches of confidentiality in therapy, we may think of people with bad intentions: a hacker accessing a counselor’s computer without permission, or a counselor sharing information with a client’s ex-partner for use in a high-conflict divorce case.

However, the overwhelming majority of breaches of client confidentiality by counselors appear to be more mundane. 

For example, a counselor may accidentally email the wrong client, sending one person’s confidential information to someone who isn’t authorized to receive it. 

Or, a counselor may share information about a child client by phone with a person the counselor believes is a parent or guardian, only to later learn that the person does not have custody of the child and shouldn’t have been given the information.

It can also be a breach of confidentiality when a counselor makes a report of child, elder, or dependent adult abuse for suspected acts which, even if true, would not qualify as abuse. 

California and many other states have protections in the law for good-faith reports of abuse that can’t be substantiated, but it is unclear whether these protections would apply when a counselor makes a report of actions that don’t fall outside their jurisdictions’ limits of confidentiality in counseling. 

For these reasons, simply having good intentions is not enough to prevent a counselor from breaching confidentiality. 

To avoid unintentional breaches, counselors should have clear knowledge about the confidentiality laws that apply to them, including knowledge about specific exceptions to confidentiality. 

Counselors should also have clear and consistent processes for ensuring that confidential information is shared with outsiders only when the law allows for such sharing or when the client has provided specific consent in writing.

Disclaimer: SimplePractice cannot provide legal advice. Clinicians should consult an attorney for guidance depending on your specific situation.

How SimplePractice streamlines running your practice

SimplePractice is HIPAA-compliant practice management software with everything you need to run your practice built into the platform—from booking and scheduling to insurance and client billing.

If you’ve been considering switching to an EHR system, SimplePractice empowers you to run a fully paperless practice—so you get more time for the things that matter most to you.

Try SimplePractice free for 30 days. No credit card required.