I’ve been in and out of therapy for most of my life, and I’ve always been under the assumption that therapy sessions are pretty much all confidential, bound by HIPAA, except for in a few circumstances like preventing harm to the client or others.
One of my family members is a family therapist and over the holidays she was sharing stories from her and her colleagues’ clients. I was kind of put off by this but didn’t want to start anything. None of the information made the clients identifiable, so I thought maybe this was the loophole but that still doesn’t sound right to me. Is this normal?
I really don’t know, but I’ve read several books by psychiatrists, psychologists, and therapists where they shared client stories, without PII. I would think it’s ok to share generic stories as long as the client can’t be identified, only because I doubt from some of the stories I’ve read that all those clients consented to having their stories told, but who knows. Hopefully somebody with expertise can chime in!
I have experience from the “proper handling of PII” side of things, and can tell you that while everyone covered by HIPAA has likely taken the mandatory PII training, most, if asked, wouldn’t be able to identify what is and isn’t protected from a list of examples.
So no matter what the rules say, medical and therapy data leak like a sieve, and modern expert systems, if provided with the information, could probably identify the patients 90% of the time.
What medical practitioners and therapists are really protected by is insurance.
HIPAA also only covers specific types of information medium. It’s not a generic “you can’t share information” law like most people think it is, it’s a “if you’re storing information you need to follow these rules about who can see what, and have these safeguards in place to prevent access” law.
I’d upvote you multiple times if I could.
And in some cases, they are actually required to share information with the government/police.