Attorney Articles | Confidentiality Issues in Agency and Private Practice Settings

Articles by Legal Department Staff

The Legal Department articles are not intended to serve as legal advice and are offered for educational purposes only. The information provided should not be used as a substitute for independent legal advice and it is not intended to address every situation that could potentially arise. Please be aware that laws, regulations and technical standards change over time. As a result, it is important to verify and update any reference or information that is provided in the article.

Confidentiality Issues in Agency and Private Practice Settings

Confidentiality is the cornerstone of therapy. Learn more about the essential element of therapist-patient confidentiality through numerous sections of law and ethical standards.

By: Michael Griffin, JD, LCSW
Staff Attorney
The Therapist
(September/October 2008) 
Updated November, 2022 by Bradley J. Muldrow, JD (CAMFT Staff Attorney)

Confidentiality Issues in Agency and Private Practice Settings

The confidential nature of the therapist-patient relationship is an essential element of psychotherapy.1 Confidentiality, therefore, is of considerable importance to psychotherapists, regardless of where they may practice. Yet, treatment settings are not identical and the confidentiality-related issues and concerns which arise in one setting may differ from those which exist in another. This article discusses a variety of legal and ethical issues concerning confidentiality in agency and private practice treatment settings. 2

California law
Confidentiality is both a legal and an ethical concept involving a restriction on the release of private information that is defined by various state and federal laws and ethical standards.3 4 5 Section 56 of the California Civil Code, otherwise known as the Confidentiality of Medical Information Act, describes confidentiality and its various exceptions, under California law.6 According to this statute, any information that a therapist maintains, whether electronically or in some other form, that documents or describes his or her assessment and/or treatment of a patient, (whether or not still living) including information that contains any personal identifying information that would be sufficient to identify a patient, is confidential.7 The unauthorized disclosure of confidential information by a psychotherapist is designated as a form of unprofessional conduct under the California Business and Professions Code. 8 9 10

The Health Insurance Portability and Accountability Act of 1996 (“HIPAA”)11 is a federal law which provides patients of providers who are “covered entities”12 under HIPAA, with specific rights concerning the use and disclosure of their private health information. As of April 14, 2003, a therapist who is a covered entity is expected to be familiar with the rights of his or her patients under the HIPAA Privacy Rule,13 and is required to provide every patient with a “Notice of Privacy Practices” at the start of treatment.14 Although the therapist is not required to obtain the patient’s signature on the Privacy Notice, he or she must make a good faith effort to obtain the patient’s written acknowledgment of receiving it.15

Ethical Standards
The ethical standards that are published by professional organizations such as CAMFT, NASW, APA and AAMFT offer substantial guidance to their respective members on the various aspects of confidentiality.16 17 18 19

Requests to Provide Confidential Information
Depending on the particular treatment setting, a therapist is likely to encounter a wide variety of requests to disclose confidential information about his or her patients. There are many examples of such requests, including, but not limited to: a subpoena20 to produce patient records or to attend a deposition or hearing; a phone call from a foster parent, social worker, probation officer, or attorney, asking the therapist to discuss his or her patient’s treatment plan, or a request from a child’s parent to produce a copy of the child’s treatment record. Because each of these scenarios is unique, the course of action that a therapist may follow in a given situation depends upon the specific facts and circumstances of the request and the applicable legal and ethical standards. The following examples provide a further illustration of the range of requests for information that a therapist may receive: 21

A family court mediator calls and asks the therapist for input about a case. The patient(s) signed a release for this purpose a few months ago, but there is no expiration date on it.22

A patient informs the therapist that his or her attorney would like to have a copy of the clinical file.23

An insurance company challenges the diagnosis that was provided by the therapist and demands that the therapist provide a copy of the patient’s entire treatment record.24

A psychiatrist who provides medication management to a patient, contacts the patient’s therapist to request information about the patient’s symptoms and to discuss the medication plan.25

Requests for Information and Type of Setting
The frequency and type of requests for information that a therapist might encounter in day to day practice is influenced by the characteristics of his or her treatment setting. For instance, some agencies provide services to patients who are court-ordered to treatment, and/or, offer therapy to children who are in placement under the supervision of the department of social services or juvenile probation. In such agencies, a therapist is likely to receive a variety of phone calls from social workers, probation officers, foster parents, attorneys, and many others. Similarly, a therapist who treats patients who are engaged in litigation involving divorce or child-custody matters will often be asked to write letters about his or her patients and may receive a variety of telephone calls from attorneys, mediators, and custody evaluators.

A therapist would be wise to seek consultation whenever he or she is confused or uncertain about how to respond to a particular request. As a general rule, it is easier for a therapist to seek consultation, than it is for him or her to face the possible negative consequences of a hurried response. In most cases, requesting parties understand that a therapist is required to comply with legal and ethical standards and that it is reasonable for him or her to exercise caution prior to releasing confidential information.

Preparation is Key
Agencies can provide training to their staff for responding to the types of requests that are commonly received by the organization. Such preparation may help to reduce the amount of stress that is associated with responding to requests for information and decrease the incidence of inappropriate responses.

Administrators/ supervisors in agencies, and similar organizations/ entities, can examine the frequency and type of requests for information that their clinical staff normally receive and consider the following questions:

  1. Are agency clinicians comfortable in responding to demands for information?
  2. Are agency clinicians confident in their knowledge of relevant legal and ethical standards?
  3. Are agency administrators familiar with the legal and ethical standards that apply to confidentiality?
  4. Do agency clinicians utilize a clear procedure when responding to requests for information?
  5. Does the agency ensure that all clinicians utilize a proper “authorization for release of information” document?
  6. Does the agency provide training to clinical and support staff regarding patient confidentiality?
  7. Do agency clinicians feel comfortable approaching administrative and/or supervisory staff for guidance in this area?
  8. Are agency clinicians encouraged to seek legal consultation when questions about confidentiality arise? Is consultation available?

A therapist in private practice may also consider the frequency and type of requests for information that he or she normally receives and ask:

  1. Do I feel confident when responding to demands for information? 
  2. Am I uncertain about the applicable legal and ethical standards?
  3. Am I following a clear procedure when responding to requests for information?
  4. Do I have access to a proper “authorization for release of information” document?
  5. Do I seek consultation when I am uncertain about how to proceed?

Authorization / Release Forms
All therapists must have access to appropriate authorization/release forms and should be familiar with their use. In California, a health care provider may not disclose his or her patient’s confidential information without first obtaining an appropriate authorization from the patient or, in the case of a minor, his or her legal representative.26 An authorization to release confidential information must either be handwritten by the person who signs it or in a typeface no smaller than 14-point type and must include: The specific uses and limitations on the information to be disclosed;27 The name or functions of the provider that may disclose the information;28 The name or functions of the persons or entities authorized to receive the information;29 The specific uses and limitations on the use of the information by the persons or entities authorized to receive the information;30 The specific date after which the provider is no longer authorized to disclose the information;31 and, Notification to the person signing the authorization of his/her right to receive a copy of the authorization.32 33 34

Minors and Confidentiality
Therapists who work with children and adolescents understand the importance of respecting a minor’s need for confidentiality. However, a therapist should recognize that a minor’s parent(s) or legal guardian has a legitimate need to consult with the therapist and to be apprised of his or her treatment plan and treatment progress, etc. Before beginning treatment with a minor, a therapist should take care to determine who, specifically, has the authority to provide consent for the minor’s treatment. 35

Authorization by Minors
Under California law, an individual who has the responsibility and authority regarding his own health care or for the health care of another, has, in general, a corresponding right of access to information concerning the care and condition of the patient.36 This means that as a general rule, the parent or legal representative of the minor has a right of access to information about the minor’s treatment and to the minor’s health care record. There are important exceptions to this general rule. Section 123115 of the California Health & Safety Code provides that the parent or legal representative of the minor is not entitled to inspect or obtain copies of the minor's records if the minor did consent, or could have consented, to his or her own treatment or if the provider determines that providing the parent or legal representative with access to the minor’s record would have a detrimental effect on the provider's professional relationship with the minor or on the minor's physical safety or psychological well-being.37 Under Section 6924 of the California Family Code and Section 124260 of the California Health and Safety Code, a minor who is twelve years of age or older may provide consent for his or her own mental health treatment under certain circumstances.38 Therefore, when a minor is lawfully able to provide consent to his or her own therapy, the therapist must obtain the minor’s authorization before releasing information about the treatment.39

Informing Patients about the Limits of Confidentiality

Child/Elder Abuse and Issues Involving Dangerous Patients
California law does not require a therapist to inform his or her patient about the exceptions to confidentiality,40 such as child and/or elder abuse,41 dangerous patients42 and the Patriot Act.43 However, the ethical standards that are provided by professional associations, at a minimum, encourage therapists to disclose this information to patients at the outset of treatment.44 45 46 47

Sections 3.1 and 3.6 of CAMFT’s Code of Ethics are relevant to this particular issue:

3.1 INFORMED DECISION-MAKING: “Marriage and family therapists respect the rights of clients/patients to choose whether to enter into, to remain in, or to leave the therapeutic relationship. When significant decisions need to be made, marriage and family therapists provide adequate information to clients/patients in clear and understandable language so that clients/patients can make meaningful decisions about their therapy.”48

3.6 LIMITS OF CONFIDENTIALITY: “Marriage and family therapists are encouraged to inform clients/patients of significant exceptions to confidentiality such as child abuse reporting, elder and dependent adult abuse reporting, and clients/patients dangerous to themselves or others.”49

Disclosures to Third-party Payers
A therapist should also advise his or her patients about the information that he or she will provide to third-party payers. Section 2.7 of CAMFT’s Code of Ethics provides:

2.7 THIRD-PARTY PAYER DISCLOSURES: “Marriage and family therapists advise clients/patients of the information that will likely be disclosed (such as dates of treatment, diagnosis, prognosis, progress, and treatment plans) when submitting claims to managed care companies, insurers, or other third-party payers..” 50 51 52 53

Access to Confidential Information by Outside Entities
Agencies are often subject to the oversight of a funding source, such as the State or County Mental Health Department. In such circumstances, there may be a provision in the agreement between the parties that permits the funding source to examine patient files in order to monitor the agency’s contract compliance and/or to conduct quality assurance or utilization review activity. Although it is generally permissible under California law54 and HIPAA55, to disclose confidential patient information for such activities without a specific authorization, it is difficult to know whether patients have an awareness of such activities. As a result, agencies should consider providing their patients with information about these activities along with any other information that may be provided at the start of treatment.

“Minimum Necessary” Disclosure under HIPAA
Therapists who are covered entities under HIPAA should be aware of the HIPAA minimum necessary standard: “When using or disclosing protected health information or when requesting protected health information from another covered entity, a covered entity must make reasonable efforts to limit protected health information to the minimum necessary to accomplish the intended purpose of the use, disclosure or request.”56

Access to Confidential Information by Agency Personnel
One of the differences between an agency and a private practice is that in an agency, several individuals are likely to have access to the patient’s confidential information. Agencies employ administrative personnel who may or may not be mental health professionals and a variety of support staff for patient billing, scheduling, reception, and for other administrative purposes. In circumstances where the patient’s clinical record is subject to access by more than one person, there may be confidentiality-related concerns.57 58

In agency settings, staff should be trained to understand that all information concerning a patient and all information that is contained within the patient’s health care record, is confidential and may not be released without appropriate consent. Agency staff should also be trained to understand that they are not permitted to access a patient record without an appropriate purpose, including but not limited to, documenting the patient’s treatment, billing insurance, conducting peer review or quality assurance activity, or for a purpose expressly authorized by the patient.59 In order to address these issues, many agencies provide training to employees on these matters and require each employee to sign a confidentiality agreement. The language of CAMFT Code of Ethics Rule 2.4 is directly relevant to this issue: “Marriage and family therapists take appropriate steps to ensure, insofar as possible, that the confidentiality of clients/patients is maintained by their employees, supervisees, assistants, volunteers, and business associates.”60

Confidentiality and Type of Treatment

Multidisciplinary Treatment Teams
In some treatment settings, including agencies, hospitals and residential treatment centers, the treatment staff may be comprised of therapists of different disciplines (some may be licensed and some not) who collaborate as a multidisciplinary treatment team in order to provide comprehensive treatment to a patient and family. A multidisciplinary treatment team might include marriage and family therapists, clinical social workers, psychologists and psychiatrists, various therapists in training and other professionals such as addiction counselors, art therapists, music therapists, occupational therapists, and others. In a multidisciplinary treatment setting, one clinician may serve as the patient’s primary therapist, but more than one professional, including the director of the agency who may or may not be licensed, will have access to the patient’s clinical record. For example, the patient may meet with his or her individual psychotherapist on a weekly basis, and also attend group therapy with a different therapist. The same patient may also receive psychological testing from the psychologist and/or medication management from the staff psychiatrist.

Multidisciplinary treatment teams frequently consult with one-another in order to review and discuss the treatment plans and progress, etc. of the agency’s patients. Such communication is permitted under California law. Section 56.10(c) of the California Civil Code permits health care providers to discuss and exchange information about the patient,61 if it is for the purpose of diagnosis or treatment of the patient. In general, HIPAA also permits such activity under the category of “health care operations.”62

Multidisciplinary treatment teams provide patients with the benefit of input and support from a group of professionals. Although most patients are likely to appreciate the benefits of a collaborative treatment setting, it is important to ensure that every patient is aware at the time of his or her intake, that such a group treatment model is utilized. In the absence of such disclosure, it is possible that a new patient in this setting may lack the information necessary to authorize his or her treatment. Although California law does not, in general, require psychotherapists to obtain their patient’s informed consent for treatment, if the treatment is likely to be unfamiliar to the patient, a description of the treatment, including its intended benefits should be provided to the patient.63 64 65

Group Psychotherapy
Although the therapist is legally and ethically bound to maintain confidentiality, the members of the group are not. Group psychotherapists usually inform group members about the importance of maintaining the confidentiality of information that is discussed in the group.66 67 68 69

Section 2.6 of the CAMFT Ethical Standards addresses this issue: “Marriage and family therapists, when working with a group, educate the group regarding the importance of maintaining confidentiality, and are encouraged to obtain written agreement from group participants to respect the confidentiality of other members of the group.”

Couple/Family Psychotherapy
According to Sections 2.1, and 2.2 of CAMFT’s Code of Ethics, when the identified patient is a family or couple, the therapist may not release any information about the therapy, without the express authorization of each of the participants. This is true even if the therapist has an individual session with one of the members of the family/couple during the treatment episode.70 71 72 73 An important exception to this rule involves the use of a “No Secrets” policy when treating families or couples. When a “No Secrets” policy is utilized, members of the family/couple agree, at the start of treatment, that the therapist is free to share information that he or she learned in an individual session with one of them with other members of the family/couple, if the therapist believes that the information is relevant to the treatment.74

Preventing Unintended/Accidental Disclosures
It is extremely important that therapists and agencies minimize the unintended/accidental disclosure of confidential information. Accidental/inadvertent disclosures are probably more difficult to avoid in agencies, compared to private practice settings, because there are usually fewer therapists, fewer patients, and fewer records to maintain and protect in a private practice, compared to an agency.

The physical characteristics of a treatment setting are relevant to the issue of confidentiality. For example, the privacy of patients is easily compromised in waiting rooms, hallways, parking lots, and in other common areas. In many instances, however, it is possible to minimize or even eliminate the likelihood that a patient’s privacy will be compromised. Consider the following examples of events, which commonly occur in clinics, agencies, and similar settings:

A therapist greets a new patient by his or her name and inquiries about the reason(s) for the current visit, as they walk to the therapist’s office.75

In a waiting room, hallway, or parking lot, a therapist speaks with a parent about his or her child’s behavior problems.76

A therapist is aware of the fact that a new patient is employed at the same company as one of his or her existing patients, but schedules the patients’ appointments back to back.77

In an effort to catch up on his or her paperwork, a therapist stacks a pile of patient records on his or her desk in plain view. 78

A clerical employee asks a patient about his or her unpaid bill while the patient is standing at the reception window.79

During an all-staff meeting that includes support staff and the agency administrator, a therapist asks another clinician a question about one of their mutual patients.80

Patient Records
Federal and state law, and professional ethical standards, require providers to safeguard =patients’ health care records.81 82 83 84 85 The California Civil Code specifically states that, “Every provider of health care…who creates, maintains, preserves, stores, abandons, destroys, or disposes of medical records shall do so in a manner that preserves the confidentiality of the information contained therein.”86 HIPAA-covered entities must also comply with HIPAA security standards that apply to information that is transmitted via the internet or maintained or transmitted in electronic form, and with HIPAA privacy regulations that require appropriate administrative, technical, and physical precautions to ensure the confidentiality of all patient information.87 88

Regardless of the specific regulations that may apply under California law or HIPAA, it should be noted that many, if not most record security precautions are founded on several common sense principles: confidential patient records must be properly stored in a secured area, file cabinet, or computer system, and not left in an unsecured area; to avoid the possibility of loss or theft, therapists should generally avoid transporting confidential files unless absolutely necessary; and clinical documents should not be faxed unless the sender has confirmed that an appropriate person is waiting to receive and take responsibility for the confidential records when they arrive.

Policies and Procedures
The existence of a specific policy/procedure may help therapists and others to act in accord with legal and ethical guidelines. A clearly written policy/procedure also tends to reduce the amount of stress that may be associated with a particular task, such as responding to a subpoena or to an emotionally charged phone call. For reasons already discussed, the importance of establishing specific policies and procedures for managing and protecting confidential patient information seems to be particularly evident in agencies and other similar settings. Requests for information are often made in emotionally-charged atmospheres and therapists may need to respond to several requests involving multiple patients. In some instances, therapists may have to respond to such requests when tired or under pressure and thus more likely to make mistakes or overlook key issues. Establishing specific policies and procedures for responding to records requests may reduce the potential for such errors.

Monitoring and Oversight
Although it is certainly important for agency staff to follow established policies and procedures, a policy/procedure is of little value if the clinical staff is not trained in its use or if the agency’s administrative and supervisory staff fail to provide appropriate oversight to ensure that clinicians are vigilant in its application. Ultimately, the time that is spent in preparing such policies and in training staff is well worth it if it helps to protect patient privacy and keep agencies and their therapists out of trouble.

This article is intended as a resource for therapists on confidentiality regardless of the setting where services are provided and spans the various mental health disciplines. It cites numerous sections of law and ethical standards that will guide a therapist in making appropriate decisions concerning confidentiality, the cornerstone of therapy.

1 California Civil Code, §56; California Evidence Code, §1012
2 The term “agency” in this writing is used to generally refer to a community-based mental health agency, multidisciplinary clinic or to similar/related settings.
3 Id.
4 California Welfare & Institutions Code, §§5325; 5328; California Health & Safety Code, §1250 address confidentiality and other rights for patients who are involuntarily or voluntarily admitted to a facility for psychiatric evaluation or treatment.
5 The Health Insurance Portability and Accountability Act of 1996 (“HIPAA”)
6 California Civil Code, §56.
7 Id.
8 California Business & Professions Code, §4982. (m)
9 California Business & Professions Code, §4992.3 (n) (applicable to social workers)
10 California Business & Professions Code, §2960 (h)
11 The Health Insurance Portability and Accountability Act of 1996 (“HIPAA”); See, multiple HIPAA articles and related forms
12 45 C.F.R. 164.104(a)(3)
13 Id., The HIPAA Privacy Rule gives patients six rights: The right to request restrictions on certain uses and disclosures of their protected health information (“PHI”); The right to receive confidential communications from health care providers; The right to inspect and receive a copy of their PHI; The right to receive an accounting of disclosures of their PHI; The right to amend their PHI; and, The right to receive a paper copy of the Notice of Privacy Practices.
14 Id., See, “Sample Notice of Privacy Practices”
15 Id., A therapist who decides not to become a “covered entity” under HIPAA is not subject to these provisions.
16 See CAMFT Code of Ethics Section 2 et seq.
17 NASW Code of Ethics §§1.07, 1.08, 2.02
18 APA Ethics Code Section 4 et seq. and §6.02; §10.02; and §10.03
19 AAMFT Code of Ethics Standard II et seq.
20 See, Jensen, David, J.D., “Diagnosing a Subpoena for Validity,” The Therapist, Nov. /Dec., (2007); Leslie, Richard, J.D., “The Subpoena for Records,” The Therapist, Sept. /Oct., (1989).
21 See, Leslie, Richard, J.D., “Confidentiality,” Continuing Education Self-Study/Self-Assessment Test, which provides several examples concerning confidentiality.
22 In this example, the therapist should obtain a new authorization form. California Civil Code, §56.11(h) states that the authorization form must state a specific date after which the provider is no longer authorized to disclose the information.
23 Here, the therapist should clarify with his or her patient whether the patient is asking to have a copy of the file, or if the patient would like the therapist to send a copy of the patient’s file to the attorney. According to California Health & Safety Code, §123110, if the patient is requesting a copy of the file, the provider must provide him or her with a copy within 15 days of his or her written request. If the patient wants the therapist to send a copy of the record to his or her attorney, the therapist must first obtain the patient’s written authorization for the release of information.
24 California Civil Code, §56.10(c)(2) states that information may be disclosed to an insurer or other entity responsible for paying for services rendered to the patient, to the extent necessary to allow responsibility for payment to be determined and payment to be made. The therapist may speak with the insurer in order to clarify the specific reason for their request. In this situation, the request for a copy of the patient’s entire record is probably unwarranted and the questions raised by the insurer concerning the patient’s diagnosis can probably be addressed by providing limited, specific information.
25 California Civil Code, §56.10(c) allows health care providers to discuss and share confidential patient information when such communications are for the purpose of diagnosis or treatment of the patient.
26 California Civil Code, §56.11
27 California Civil Code, §56.11(d)
28 California Civil Code, §56.11(e)
29 California Civil Code, §56.11(f)
30 California Civil Code, §56.11(g)
31 California Civil Code, §56.11(h)
32 California Civil Code, §56.11(i)
33 See, sample forms: “Authorization to Release Confidential Information”; “Authorization to Exchange Confidential Information,” on the CAMFT website at
34 See, Leslie, Richard, S., J.D., “Confidentiality,” The Therapist, July/August, (1989); Benitez, Bonnie, J.D., “Confidentiality and its Exceptions,” The Therapist, July/August, (2004); Benitez, Bonnie, J.D., “Preserving the Confidentiality of Patient Records,” The Therapist, Sept. /Oct., (2003).
35 See, CAMFT website for articles concerning the issue of consent for the treatment of minors.
36 California Health & Safety Code, §123110
37 California Health & Safety Code, §123115 (emphasis added)
38 California Family Code §6924 and California Health and Safety Code §124260
39 California Health & Safety Code, §123110
40 California Civil Code, §56: There are twenty-two exceptions to confidentiality listed in Section 56.10(c) of the Confidentiality of Medical Information Act.
41 California Penal Code, §§11164-11174.3; Calififornia Welfare & Institutions Code, §§15630-15632
42 Calif. Civil Code, §43.92; Tarasoff v. Regents of Univ. of Calif., (1976), 17 Cal.3d 425; Ewing v. Goldstein, (2004), 120 Cal.App.4th 807; Ewing v. Northridge Hospital Center (2004), 120 App. 4th 807
43 The US Patriot Act of 2001 requires therapists (and others) in certain circumstances, to provide FBI agents with books, records, papers and documents and other items and prohibits the therapist from disclosing to the patient that the FBI sought or obtained the items under the Act.
44 CAMFT Code of Ethics §3.6
45 AAMFT Code of Ethics §2.1
46 NASW Code of Ethics §1.07(e)
47 APA Code of Ethics §4.02(a)
48 CAMFT Code of Ethics §3.1
49 Id., §3.6
50 Id., §2.7
51 NASW Code of Ethics §1.07(h)
52 APA Ethics Code §4.02(a)
53 AAMFT Ethical Standards §2.1
54 California Civil Code, §56.10(c)(2); California Civil Code, §56.10(c)(4)
55 45 C.F.R. 164
56 45 CFR 164.502(b)
57 According to HIPAA, specific Security Standards apply to health information that is maintained in electronic form. The HIPAA Privacy Rule imposes a duty upon covered providers to take appropriate administrative, technical, and physical precautions to ensure that patient information is kept confidential. For further information, consult the HIPAA section of the CAMFT website:
58 Without being properly managed, these confidentiality-related concerns can lead to accusations of unauthorized access to patient records.
59 45 C.F.R. 164.506; California Civil Code, §56.10 (c)(3);(4)
60 CAMFT Code of Ethics §2.4
61 California Civil Code, §56.10(c)
62 45 C.F.R. 164.506
63 California Business & Professions Code, § 2290.5
64 CAMFT Code of Ethics Section 3 et seq
65 See, Griffin, Michael, J.D., “Revisiting Informed Consent,” The Therapist, Sept. /Oct., (2006).
66 CAMFT Code of Ethics §2.6
67 NASW Code of Ethics §1.07(f)
68 APA Ethics Code §10.03
69 AAMFT Code of Ethics §2.2
70 CAMFT Code of Ethics §§ 2, 2.1, 2.2.
71 NASW Code of Ethics §1.07(f), Id.
72 APA Ethics Code §10.02(a)
73 AAMFT Code of Ethics §2.2
74 See, Riemersma, Mary, “Use of a “No Secrets” Policy in Couple and Family Therapy-An Interview with Richard S. Leslie, J.D., Attorney at Law,” The Therapist, Sept./Oct., (2007); Sample agreement : “No Secrets” Policy for Family and Couple Therapy,” Drafted by Richard S. Leslie, J.D., available on the CAMFT website,
75 It is possible that this event occurs less often in mental health settings than in medical settings, where the author has witnessed, on more than one occasion, such a question being called out to a patient who may be seated several feet from the reception desk.
76 Therapists who work in child and adolescent mental health settings will recognize how common this practice is. Although it is very easy to develop such casual habits, therapists should take care to avoid any discussion of private information in a public area.
77 In fairness, this can’t always be predicted or controlled. Yet, there are times when a therapist is in possession of such information and he or she can, when scheduling, take it into consideration.
78 In the course of a busy day, this too is a common, but erroneous practice. Materials that contain confidential patient information should be securely stored and kept out of view.
79 Patients should not be asked questions about their private information while they are in a public area. A patient’s financial information is confidential.
80 It is inappropriate for a clinician to discuss a patient’s case with the agency administrator or other non-clinical staff present.
81 45 C.F.R. §§164.306;164.308;164.310;164.312;164.314;164.316; California Civil Code, §56.101
82 CAMFT Code of Ethics §2.3
83 NASW Code of Ethics §1.07(l)
84 APA Ethics Code §6.02(a)
85 AAMFT Code of Ethics 2.5
86 California Civil Code, §56.101
87 45 C.F.R. §§ 164.306;164.308;164.310;164.312;164.314;164.316
88 Additional information regarding HIPAA security standards is available in the HIPAA section of the CAMFT website.