Patient Confidentiality: HIPAA and Mental Health Treatment

Author:

Hayley Snelling

B.S. Psychology

Editor:

Emma Loker

B.S

Imagine looking for support for your mental health, only to worry that your deepest struggles might be exposed – would you still feel safe sharing them?

Confidentiality is one of the fundamental principles of mental health care, allowing you to seek help without worrying about judgment or your secrets being exposed. Without clear laws to protect confidentiality, many people might think twice about talking to a professional about their mental health, with them delaying or even avoiding getting the help they most need.

In the United States, patient confidentiality is safeguarded by laws like the Health Insurance Portability and Accountability Act (HIPAA), ensuring that sensitive mental health information is protected. However, the limits of confidentiality can sometimes seem unclear. You might wonder what your rights are if there are circumstances where information can be shared with others, and what you can do if you think your right to privacy has been violated.

On this page, we’ll explore:

What patient confidentiality is
Legal rights patients have over their private mental health information
Key laws that govern mental health confidentiality, including HIPAA

Understanding these will empower you to protect your privacy while being able to trust the therapeutic process. Let’s look at what you need to know so that you can feel confident getting the help you need.

What Is Patient Confidentiality?

When we talk about anything being confidential, it means that it’s supposed to be kept private. You may have heard about confidential information – this is data that isn’t allowed to be given out to anyone else.

Patient confidentiality means protecting the personal information of you, the patient. It is your personal information, so you want to be sure that it’s kept on a need-to-know basis. That information can include things like your personal details, lifestyle, healthcare needs, medical history, and treatments. The health professionals directly involved with your care will have access to this information; they are also trusted to protect this information and keep it confidential at all times.¹

If patient confidentiality were to be broken and personal details were seen by people who didn’t have any right or reason to see them, trust in the whole process would be shaken. Patients would be less likely to give correct information that may be needed to get appropriate care because they may be worried about their details getting out again. There is a huge amount of trust that comes into caring for patients with mental health conditions, which is why there are laws in place to make sure your privacy is protected.

Do Patients Have a Right to Confidentiality?

Do patients have a right to confidentiality? Absolutely!

You have a right to have your personal and medical information kept confidential and private. This means that healthcare professionals must protect that information for you. It applies to information whether it is written, electronic, or spoken, and covers people such as health care providers and health plan providers.²

However, appropriate sharing of patient information also plays a part in ensuring you receive the best and safest care possible, so the healthcare professionals involved in your treatment need to have access to relevant, up-to-date details about you.³

On the majority of occasions, you will usually be asked about sharing this type of information before it is actually done, although there are some specific exceptions to this, which we will go into below.

What Are the Mental Health Confidentiality Laws?

In the United States (U.S.), mental health confidentiality is covered by HIPAA, which protects patient health information.4 It clearly lays out your rights to privacy in mental health care. As a patient, your health information and medical records – including information about your mental health or psychotherapy you may have had – are protected and kept private, even from your family and colleagues. Family access to mental health records under HIPAA is restricted, and you would need to give your explicit written consent for anyone to access your information.

In addition, you also have the right under HIPAA to see or have a copy of your medical records and other types of health information. If you see something which seems incorrect, you can ask to have it changed. You are also allowed to know who has seen your health information.⁵

Although health information cannot be shared without your written consent, it’s important to know that there are some exceptional cases where confidentiality may be broken, such as for the safety of yourself and others.

Are you wondering exactly what mental health information is protected by HIPAA and what isn’t? Keep reading to find out how HIPAA protects mental health patients.

What Information Is Protected Under HIPAA?

When it comes to HIPAA and mental health records, there are two types of information that HIPAA defines: protected health information and de-identified health information.⁶

Protected Health Information: The HIPAA privacy rule protects all individually identifiable health information held by people such as health professionals and health plan workers. This includes information that relates to your physical or mental health conditions (whether in the past, present, or future), as well as health care given to the patient, which identifies the patient. This means any information which also includes your name, address, social security number, and date of birth.
De-Identified Health Information: This type of information is not restricted, as long as it doesn’t have any way to identify the patient. Essentially, it must be anonymized information.

When Can a Therapist Break Confidentiality?

Psychotherapy is most effective as a treatment for mental health conditions when you can be completely open and honest about the challenges you are having. Knowing your rights to confidentiality is important for this, as it’s very difficult to open up to a complete stranger if you think that there’s a chance that your secrets or the innermost workings of your mind may become common knowledge. Therapists understand this, which is why they take your privacy very seriously from both an ethical and a legal point of view7. The HIPAA privacy rule protects your psychotherapy and mental health details, as well as your medical records and health information. This includes anything you say in a session with your therapist, any notes the therapist takes, your diagnosis, and personal details.

When you first start working with a therapist, they should have a written privacy policy for you to read and understand. This will go into details of therapist confidentiality and HIPAA laws, such as how your therapist will handle and protect your personal information, as well as there being a few exceptions to the privacy rule, where they can share information without the need for your consent. These are very specific situations and will be detailed in the therapist’s policy but include the following:⁸

1. To Protect the Patient or Public From Serious Harm

If your therapist believes that you may attempt suicide or harm another person, they are allowed to disclose your private information without consent.

2. Ongoing Violence or Neglect

Therapists have to report ongoing domestic violence, abuse, or neglect of children, the elderly, or people with disabilities.

3. If Required by Law

If a therapist receives a court order requesting information about you, for example, they have to release your information for your legal proceedings.

If your treatment is paid for through a health insurance company, therapists will share certain information – such as your diagnosis and treatment – with them so that the company can determine what care is covered. Don’t worry though, because as said earlier, health insurance companies are also bound by patient confidentiality, so your right to privacy is still protected.

How to File a HIPAA Violation for Mental Health Care

If you believe that your right to privacy has been violated when it comes to your mental health care and the HIPAA Privacy Rules, you can file a health information privacy complaint to the Office of Civil Rights (OCR).⁹

Details on how to do this are available here through the HIPAA complaint process, but we’ll go through the general points below.

Your complaint must be filed in writing – by mail, email, fax, or online through the OCR complaint portal.
You must name the business or company involved and describe what they have done or what they have failed to do.
Your complaint must be filed within 180 days of when you knew that the failure had happened.
If you file the complaint online you need to electronically sign and complete the consent form, after which you can submit it and print out a copy of your complaint for your own records.
If a complaint is made by mail, there is a document available to help you file your complaint, along with the address to send it to.
Once you have filed your complaint, either by mail, email, fax, or the complaint portal, the OCR will then investigate.

If you are receiving treatment and believe there has been a confidentiality breach, your treatment center or healthcare professional can help you file a HIPAA violation complaint, if necessary.

Get Support From Mission Connection Today

When you choose Mission Connection to support you through your mental health struggles, you don’t need to worry about fighting for your rights. We understand how important it is to be able to trust your healthcare provider, and we will always strive to uphold the law.

We provide compassionate support tailored to your individual needs while respecting your rights and autonomy. We know that living with a mental health condition affects everyone differently – that’s why we offer a range of treatment approaches designed to empower you on your road to recovery. Some of our services include:

Short-term inpatient stays for emergencies or severe symptoms
Partial hospitalization, allowing you to receive treatment in the daytime and spend evenings in your own home
Intensive outpatient programs with multiple weekly sessions
Outpatient services like online therapy, Mindfulness Therapy, and TMS therapy

Your well-being is our priority, and we respect your right to make informed choices about your treatment. We will work with you to create a treatment plan that feels right for you. We work within the law, and your confidentiality is protected whether you meet with a therapist face-to-face or online. You are guaranteed the HIPAA protections for telehealth mental health services, which we provide.

We want to make sure you can access the right treatment when you most need it, so we offer a range of payment options to help ease any concerns over the cost of mental health care.

Contact us today to begin your healing journey. Your well-being matters, and we’re here to provide you with the support you need – respecting your choices every step of the way.

References

Introduction to confidentiality. (n.d.). The HCPC. https://www.hcpc-uk.org/standards/meeting-our-standards/confidentiality/guidance-on-confidentiality/introduction-to-confidentiality/
HHS. (2022, January 19). Your rights under HIPAA. HHS.gov. https://www.hhs.gov/hipaa/for-individuals/guidance-materials-for-consumers/index.html
GMC. (2017). Confidentiality: good practice in handling patient information. Professional Standards. https://www.gmc-uk.org/-/media/documents/gmc-guidance-for-doctors—confidentiality-good-practice-in-handling-patient-information—-70080105.pdf
U.S. Department of Health & Human Services. (n.d.). HIPAA privacy rule and sharing information related to mental health. In U.S. Department of Health & Human Services. https://www.hhs.gov/sites/default/files/hipaa-privacy-rule-and-sharing-info-related-to-mental-health.pdf
U.S. Department of Health & Human Services. (1996). Your health information privacy rights. In Office for Civil Rights. https://www.hhs.gov/sites/default/files/ocr/privacy/hipaa/understanding/consumers/consumer_rights.pdf
HHS. (2025, March 14). Summary of the HIPAA Privacy Rule. HHS.gov. https://www.hhs.gov/hipaa/for-professionals/privacy/laws-regulations/index.html
Protecting your privacy: Understanding confidentiality in psychotherapy. (2019, October 30). https://www.apa.org. https://www.apa.org/topics/psychotherapy/confidentiality
45 CFR § 164.512 – Uses and disclosures for which an authorization or opportunity to agree or object is not required. (n.d.). LII / Legal Information Institute. https://www.law.cornell.edu/cfr/text/45/164.512
HHS. (2023, October 16). How to file a health information privacy or security Complaint. HHS.gov. https://www.hhs.gov/hipaa/filing-a-complaint/complaint-process/index.html