I’ve been in and out of therapy for most of my life, and I’ve always been under the assumption that therapy sessions are pretty much all confidential, bound by HIPAA, except for in a few circumstances like preventing harm to the client or others.
One of my family members is a family therapist and over the holidays she was sharing stories from her and her colleagues’ clients. I was kind of put off by this but didn’t want to start anything. None of the information made the clients identifiable, so I thought maybe this was the loophole but that still doesn’t sound right to me. Is this normal?
They’re allowed to only share bits of what they’ve heard by other clients if it relates to something you’ve told them. They’re not allowed to explicitly detail names. That’s what my therapist does.
Doctors can share the details of your genial warts as well as long as it doesn’t become painfully clear they were taking about you. The same logic applies to therapists. They can share your story but not the fact that it is yours. And if they have a lot of patients they have a certain level of obscurity. And if they’re clever they change a couple of things about the story to make it less obvious.
The distinction I would make here is the intent behind sharing the story. If it’s a function of venting with other professionals, I get it. They’re only human too. If it’s meant as a sort of teachable moment to others present, I think that’s alright. If it’s a “get a load of this shit” story telling and I found out, I would change therapists.
I really don’t know, but I’ve read several books by psychiatrists, psychologists, and therapists where they shared client stories, without PII. I would think it’s ok to share generic stories as long as the client can’t be identified, only because I doubt from some of the stories I’ve read that all those clients consented to having their stories told, but who knows. Hopefully somebody with expertise can chime in!
I have experience from the “proper handling of PII” side of things, and can tell you that while everyone covered by HIPAA has likely taken the mandatory PII training, most, if asked, wouldn’t be able to identify what is and isn’t protected from a list of examples.
So no matter what the rules say, medical and therapy data leak like a sieve, and modern expert systems, if provided with the information, could probably identify the patients 90% of the time.
What medical practitioners and therapists are really protected by is insurance.
HIPAA also only covers specific types of information medium. It’s not a generic “you can’t share information” law like most people think it is, it’s a “if you’re storing information you need to follow these rules about who can see what, and have these safeguards in place to prevent access” law.
I’d upvote you multiple times if I could.
And in some cases, they are actually required to share information with the government/police.
