Confidentiality and Mental Health Referrals: Privacy Laws and Duty of Care

Author:

Hayley Snelling

B.S. Psychology

Editor:

Emma Loker

B.S

How can employers support their workers’ mental health needs whilst protecting their rights to privacy and confidentiality? Getting the balance right is an issue that many employers face. So, how can organizations and their Human Resources (HR) department make sure they meet their legal obligations for mental health recommendations while maintaining trust and safeguarding sensitive information?

Confidentiality in mental health referrals is key to protecting the rights of the individual and keeping compliant with privacy laws. When a worker asks for help for their mental health they are putting trust in their employer, HR, and mental health providers to support them and keep their information safe. It is essential to be clear on understanding mental health referral privacy laws to do this, especially knowing how the laws affect the duty of care employers have toward their employees.

Together, we will look at confidentiality and mental health referrals in the workplace. We will explain what confidentiality means and looks like in terms of mental health referrals, discuss the mental health referral process and privacy laws, and look at the duty of care employers have towards their employees. We will also touch on the role of HR in managing mental health referrals, and share some best practices for protecting worker privacy through the referral process, helping you to create a supportive and legally compliant work environment for everyone.

What Is Confidentiality in Mental Health Referrals?

Confidentiality in mental health referrals means that your personal information is kept private. This might include information such as your lifestyle, family, health or care needs, mental health, and any psychotherapy that you have had.¹ Keeping information confidential helps to build trust and make sure that the patient feels safe enough to share what they are experiencing. Any mental health referral process has to respect this need for confidentiality, and only share information that is necessary for treatment through the referral with the consent of the patient – in this case, the employee.

Protecting client privacy during mental health referrals is essential for effective care. If confidentiality were broken, trust in the whole process would be shaken. Patients would be less inclined to give out their personal information to get the help they need – they would be worried about their intimate details being made public. You can see why trust is incredibly important in the healthcare system, especially when it comes to mental health. That is why there are laws to protect your privacy.

One of your patient rights when referred for mental health treatment is to have your personal and medical information kept private and confidential, whether that information is written, spoken, or electronic. Sharing information plays a big part in making sure you get the best and safest care possible, so healthcare professionals involved in your treatment need to have access to relevant and accurate details about you.³

You have the right to object to the sharing of your information, the right to access your own medical records, and the right to withdraw your consent, at any point during the treatment or referral process.

Privacy Rights During Mental Health Treatment Referrals

In the United States (U.S.), mental health referral confidentiality laws include the Health Insurance Portability and Accountability Act (HIPAA), which protects patient healthcare information and explains your rights to privacy.²

Duty of Care Responsibilities for Mental Health Providers

It doesn’t matter how big or small your organization is – all employers have a duty of care towards their staff. A duty of care means there is a legal and ethical obligation to protect the safety and well-being of people.⁴

In a company, this means your employees and anyone on your premises. For healthcare organizations, this also includes patients. Employers and healthcare providers alike have to act reasonably and prevent foreseeable harm. Let’s take a closer look at duty of care, and how it differs from confidentiality when it comes to mental health referrals.

Duty of Care for Mental Health Referrals

When considering workplace mental health referrals, the employer has to take reasonable steps to make sure that employees asking for support are directed toward appropriate services in a good timeframe.

Employers are responsible for making the work environment a place where employees feel safe and supported. They must ensure that people are given fair opportunities at work, including accessing resources for their health or making reasonable adjustments, whilst respecting privacy and confidentiality.

The duty of care means that not only does the employer need to address any immediate health needs of their workers, but also provide long-term support so that the employee can recover and grow in the workplace, such as minimizing workplace stress. It all comes down to providing a safe environment for your employees.^4,5

The duty of care also applies to patient confidentiality for psychiatric referrals. Mental health providers have to process the personal information received with the referral as confidential. They must provide treatments or referrals that are in the best interest of the person seeking help in a timely fashion, assess any risk to the patient, and address these concerns.

It also means that mental health providers must protect other people from a patient’s potential harm, even if it means breaking confidentiality.² This is why the “duty of care” is also sometimes known as the “duty to protect” or “duty to warn.” For example, if a therapist believes that their patient is at high risk for being violent toward another person, there is an obligation to protect the intended victim against the danger. The therapist may have to warn the intended victim, the police, or take any other reasonable steps under the circumstances⁶. This is where the duty of care and confidentiality can appear to clash, so let’s take a look at some of the key differences below.⁷

Duty to Warn vs Confidentiality in Mental Health

Duty of Care (a.k.a. duty to protect / duty to warn):

Legal and ethical obligations to act reasonably and responsibly to prevent harm to a patient, employee, or client.
Must provide appropriate and timely care.
Ensure safety and well-being.
Act in their best interests.

Principles of Confidentiality:

Keep information private and secure
Applies to patient and employee information, including diagnosis, history, and personal details.
Confidentiality can be overridden in several situations, including
- When they are at risk of harming themselves or other people.
- When legally obliged to.
- When the person gives consent for information to be shared.

Workplace Mental Health Referrals: HR’s Role and Privacy Guidelines

HR has a very important role when it comes to workplace mental health – they can provide support, and resources, and connect and refer employees to the relevant professionals. One study showed that over half of employees say they feel more productive and engaged with work when their organization offers resources like counseling or wellness programs, so there are multiple benefits to treating your employees well.⁸

HR should step in for advice and guidance in certain circumstances. These include when an employee’s mental health is impacting their work performance, when there are concerns about the employee’s well-being or safety, and when reasonable adjustments may be needed. Being able to offer resources like Employee Assistance Programs (EAPs) and the chance to talk to a professional confidentially can really help workers with their mental health, productivity, and overall morale.

When handling workplace mental health referrals, the employee’s rights to privacy and confidentiality must be protected under HIPAA and legal obligations must be respected under the Americans with Disabilities Act (ADA).^9,10 All health information should be treated as confidential, and information should only be shared once the employee has explicitly consented to it. You should be able to clearly explain the referral process, the reasons for the referral, and potential outcomes so that the employee is informed sufficiently to provide their consent.¹¹ All referrals should be carried out in line with your workplace mental health referral privacy guidelines.

Best Practices for Protecting Client Privacy in Mental Health Referrals

When managing mental health referrals, protecting the privacy and confidentiality of the employee is essential. Here are some of our top tips for how to handle private mental health referrals:

Informed consent: Get informed consent from the employee before sharing any information with a mental health provider. For the consent to be informed, the worker needs to understand what information will be shared, who it will be shared with, and why.
Only share what is necessary: Only share the information needed for the mental health provider to be able to give proper care, do not give other information that isn’t necessary for the referral.
Keep communication confidential: Use secure and confidential methods of communication for referrals, such as using an encrypted system for messaging or emailing.
Legal privacy guidelines: Make sure you are clear on your responsibilities under HIPAA in terms of how you handle, store, and share health information.²
Confidential mental health policies: Make sure there are clear workplace policies about mental health referrals, which include information on confidentiality and respecting the privacy of the individual.
Provide training for managers and HR: Training them on privacy, sensitivity, and mental health will help ensure they have a good level of knowledge and understanding of the legal obligations they have to protect privacy and how to handle sensitive information.
Safe and supportive environment: Create a workplace culture where employees feel comfortable asking for the mental health support that they need without worrying about breaches of privacy or judgment from others. The workplace should be a stigma- and discrimination-free environment for all.⁸

By following these points, you can ensure that your referrals are handled ethically and legally and that employee privacy is maintained while supporting their mental health needs in an effective and compassionate way.

Seek Guidance on Confidentiality & Privacy Laws Today

At Mission Connection, we can support your organization to create a healthier, more productive workforce while ensuring that confidentiality is not compromised. Our services are tailored to address the mental health needs of your employees, ensuring that we meet your employees where they’re at, and help them to thrive despite their difficulties.

We offer:

24/7 telehealth lines: So that you can receive support, whenever you need it.
Various therapeutic approaches: We offer a range of therapy services, including cognitive behavioral therapy (CBT), trauma-focused therapy, and mindfulness therapy.
Online talk therapy: If your business isn’t in California, Virginia, or Washington, it doesn’t mean you can’t access our services. We offer online talk therapy. However, it’s important to know that therapist licensing restrictions mean that we can’t offer these services in some U.S. states. Please reach out to us at 866-708-3828 for further guidance on this.

For personalized support, contact our experts at Mission Connection today and schedule a free consultation. Click here to get started.

References

Patient confidentiality: HIPAA and mental health treatment. (n.d.). Mission Connection Healthcare. https://missionconnectionhealthcare.com/mental-health/legal-rights/patient-confidentiality/
U.S. Department of Health & Human Services. (n.d.). HIPAA privacy rule and sharing information related to mental health. In U.S. Department of Health & Human Services. https://www.hhs.gov/sites/default/files/hipaa-privacy-rule-and-sharing-info-related-to-mental-health.pdf
GMC. (2017). Confidentiality: good practice in handling patient information. Professional Standards. https://www.gmc-uk.org/-/media/documents/gmc-guidance-for-doctors—confidentiality-good-practice-in-handling-patient-information—-70080105.pdf
Health Assured. (n.d.). Duty of Care Definition – an Employers Guide. https://www.healthassured.org/blog/duty-of-care/
Occupational Safety and Health Administration. (n.d.). Workplace stress – Overview. https://www.osha.gov/workplace-stress
Legal and Regulatory Affairs Staff. (2005, May 24). A matter of law: Psychologists’ duty to protect. American Psychological Association. https://www.apaservices.org/practice/business/legal/professional/duty-protect
Rethink Mental Illness (n.d.). Confidentiality. https://www.rethink.org/advice-and-information/rights-laws-and-criminal-justice/your-rights/confidentiality/
MHFA Portal. (2024, November 21). Key workplace mental health statistics for 2024. https://mhfaengland.org/mhfa-centre/blog/Key-workplace-mental-health-statistics-for-2024/
Branning, G., Waters, H. C., Houle, C. R., Worthy, S. L., Fink, B., & Hayes, K. (2021, December 1). Mental Illness Disclosure in the workplace: an opportunity for improvement. https://pmc.ncbi.nlm.nih.gov/articles/PMC8844635/
Rights, O. F. C. (2022, January 19). Your rights under HIPAA. HHS.gov. https://www.hhs.gov/hipaa/for-individuals/guidance-materials-for-consumers/index.html
Aleksandrova, A. (2024, August 22). Occupational health referral: What employers need to know. Healthscreen UK. https://www.healthscreenuk.co.uk/occupational-health-referral-what-employers-need-to-know/