Columnists and Correspondents

Jeffrey E. Barnett, Psy.D.

For these reasons the informed consent process in general and an understanding of the limits to confidentiality in particular take on great importance. Clearly, patients have the right to know in advance of discussing sensitive issues any limits to confidentiality that may exist. Knowledge of these limits may have a great impact on what a patient chooses to share or discuss in treatment.

The important issues of informed consent and limits to confidentiality will be addressed in subsequent articles in this series. In this brief article, the focus is on inadvertent breeches of confidentiality which may damage the therapy relationship, create a negative view of psychology and mental health treatment in general, or possibly lead to ethics complaints or malpractice claims.

A patient's privacy may be violated and confidentiality breeched in a variety of ways, many of which are unintentional. Areas to address and steps to take include:

Soundproofing: Soundproofing our offices is an important detail to attend to so that conversations with patients will not be overheard by those in waiting rooms or outside our office. Careful attention to soundproofing walls, doors, and ceilings will help prevent such invasions of privacy. The use of a 'white noise' machine outside the door of one's office and the use of soft music in the waiting room may help as well.

Office Planning: Placing a receptionist or secretary in the same area as waiting patients creates a great threat to patient privacy. If office staff are making or receiving telephone calls in the presence of patients or others in the waiting room sensitive information may be disclosed. Telephone conversations concerning patient information, insurance and billing, and appointment scheduling should all be done in private. Placing office staff behind a movable glass partition is helpful so that patients may be greeted but also privacy may be maintained.

Access to Records: All patient records should be safeguarded so that unauthorized access to them will be prevented. Records should be stored in locked cabinets with access to the keys tightly restricted. Leaving one's session notes on one's desk over night may give the cleaning crew or others access to treatment information. Office staff should be instructed in the steps to take to maintain patient confidentiality.

Discussion of Patients: The discussion of patients with others should be consistent with the APA Ethics Code (APA, 1992) and relevant state laws. Steps should be taken to protect each patient's anonymity even when consulting with colleagues and consultation is best carried out in a private setting. Discussion of patients with family, friends, and others should be avoided. Those with a need to vent about one's day may wish to seek out a peer support group.

Use of Technology:

Fax Machines: When using fax machines to send evaluations, reports, and other patient-related information it is important to ensure that steps are taken to prevent inadvertent disclosures of confidential information. The use of preprogrammed speed dialing will help avoid misdialing and having sensitive information being sent to the wrong individual. Because a fax may not reach the intended recipient the use of a cover sheet is recommended. Brockman and VandeCreek (1994) recommend it state who sent the fax, who is to receive it, the number of pages, a statement regarding redisclosure, a statement regarding destruction of the fax, and verification instructions. Verifying who will have access to the fax machine on the receiving end will also help to prevent unintended disclosures from occurring.

Computers: All patient records should be protected by a password and, if possible, encryption. Like all other treatment records computer disks should be stored in a locked cabinet. It is also important not to leave patient information on the computer's monitor when leaving one's work area. Merely erasing used disks may not prove sufficient since they may be restored and the data accessed by those with certain computer skills. The use of a program to 'wipe' used disks is recommended.

E-mail: It is strongly recommended that e-mail not be used as a method for discussing confidential patient information unless the patient is first made aware of the risks and then agrees to this practice. Sussman (1995) states that without encryption e-mail is no more private than a postcard. Quittner (1995) describes it like a vault with a screen door on the back. If confidential information must be shared via e-mail the use of encryption is recommended.

Telephones and Answering Machines: Conversations on cellular and wireless telephones may easily be listened in on. There are reports of individuals hearing cellular telephone conversations over AM radios and nursery monitors. Confidential patient information should not be discussed on such phones. Answering machines should be kept in a secure location so unauthorized individuals won't have access to them. With voice mail, the use of a restricted pass code is recommended so that access to patients' messages will be restricted.

Disposal of Records: This should be done in accordance with the APA ethics code and relevant state laws. Additionally, a method such as shredding should be used before documents are disposed of. One certainly does not want ripped trash bags and spilled garbage cans to lead to unintended invasions of privacy.

Attention to these issues is of importance to psychologists in our quest to attend to our patients' welfare. The use of well thought out office policies, attention to the physical considerations of our offices, and the careful use of the many technologies available to us will help practitioners to avoid unauthorized releases of confidential information and inadvertent violations of our patients' privacy.

References

American Psychological Association. (1992). Ethical principles of psychologists and code of conduct. American Psychologist, 47, 1597-1611.

Brockman, R.A. and VandeCreek, L. (1994). Technology and confidentiality in the office. The Psychotherapy Bulletin, 28, 53-56.

Quittner, J. (February 27, 1995). Cracks in the internet. Time, 33-45.

Sussman, V. (January 23, 1995). Policing cyberspace. U.S. News and World Report, 55-60.