When participating in peer group communications, whether a more formal or structured listserv, or an informal group of mental health practitioners, questions or concerns about patient confidentiality may sometimes arise among group members. Some participants may be rather open when sharing information pertaining to a patient or former patient, while others may be more circumspect. With respect to determining whether there has been a wrongful breach of confidentiality, much depends upon the applicable law and the particular facts and circumstances of each situation, but a few general thoughts may be worth keeping in mind.
If the purpose of the disclosures is to help in the diagnosis or treatment of the patient, and if the disclosure is to another licensed person or persons, no authorization from the patient may be necessary. This is the case in many states and for covered providers under HIPAA. I have written about this common exception to confidentiality on several prior occasions. Thus, if there was a group of therapists who regularly shared patient information for the purposes of consulting with their peers to help in the diagnosis or treatment of their respective patients, there would typically be no problem with respect to confidentiality.
While there generally is insufficient reason to share the name of a particular patient, even a revelation of the name might not (see below) constitute a violation, since the entire disclosure was to other therapists for a diagnostic or treatment-related purpose. Those who learn of the name are aware of the importance of confidentiality and may have expressly or impliedly agreed to not further disclose information shared. Moreover, there may be some circumstances where disclosure of the name is appropriate, necessary, or defensible. If for some reason revelation of a name did constitute a technical breach, the likelihood of harm or damage to the patient seems quite limited.
In any event, unless there is good reason to reveal the name of a patient, revelation can easily be avoided. Sometimes, however, sharing the details of a patient’s treatment in a peer group may provide so much detail that the identity of the patient may become known, even if the name of the patient is not divulged. Such a situation could occur when some of the participants in the group are from the same general community or the patient described is well known – in the public eye. It is wise to mask details of a particular situation so that the identity of the patient is well protected. Many details may not be relevant to the diagnosis or treatment and can be changed without jeopardizing the clinical aspects of the case. Masking is often done by practitioners who present case studies to colleagues or to students. Much clinical information is often revealed – but the practitioner is careful to mask the identity of the patient. It is the protection of individually identifiable health information that HIPAA and most state confidentiality laws protect.
The further away one gets from a pure peer group that provides a place for clinical consultation amongst a select group of participants, the more careful one needs to be. This is because the general exception to confidentiality that deals with communications with other health care providers for purposes of diagnosis or treatment of the patient may no longer be applicable or may be compromised by the “presence” of others who are not there to discuss or opine upon the patient’s diagnosis or treatment – albeit that the others are therapists. If, however, the identity of the patient is well- protected or masked, there would likely be nothing wrong with discussing the clinical aspects of the case in the presence of those others.
Whatever the kind of peer group (a clinical consultation group or a multi-purpose group or listserv), the sponsors, leaders, or initiators of such a group would typically discuss or promulgate some rules of operation, issue some cautions, and may seek some form of agreement or promise from the participants as to their expected behavior relative to patient confidentiality.