Eye on Ethics

Sharing Client Information With Colleagues: Ethical Challenges
By Frederic G. Reamer, PhD
August 2016

Every social worker knows that guidelines regarding sharing of client information have become increasingly complex and strict. Even before the inauguration of HIPAA in 1996, social workers understood their ethical duty to protect the confidentiality of clients' sensitive, private, and confidential information. In fact, the very first NASW Code of Ethics—adopted in 1960—required every social worker to subscribe to the statement, "I respect the privacy of the people I serve."

Since then, of course, our understanding of privacy, confidentiality, and privileged communication issues has deepened. At the national level, social workers who work in a setting that receives federal assistance and provides alcohol or drug abuse diagnosis, treatment, or referral for treatment must take careful steps to protect confidential information ("Confidentiality of Alcohol and Drug Abuse Patient Records," Title 42, Code of Federal Regulations, Part 2). The Health Information Technology for Economic and Clinical Health (HITECH) Act, enacted as part of the American Recovery and Reinvestment Act (Public Law 111-5, 123 Stat. 115), was created in 2009 to stimulate the adoption of electronic health records. Confidentiality breaches now face more serious penalties given modifications to both the HIPAA Privacy and Security Rules following publication of final rule provisions of the HITECH Act.

Also at the national level, school social workers must comply with confidentiality provisions in the Family Educational Rights and Privacy Act (FERPA, Title 34, Code of Federal Regulations, Part 99). FERPA is a Federal law that protects the privacy of student education records. The law applies to all schools that receive funds under an applicable program of the U.S. Department of Education. Further, social workers who work in the military and provide services to active-duty personnel and their families must comply with strict confidentiality provisions, e.g., those in the U.S. Code of Military Justice (10 U.S.C. Chapter 47) and the Military Rules of Evidence. Social workers employed by the VA must comply with the federal Privacy Act (5 U.S.C. 552a), Confidentiality of Certain Medical Records (38 U.S.C. 7332), and HIPAA, among other guidelines.

And then there are diverse state laws governing social workers' management of confidential information. Examples include laws concerning protection of health-related information, minors' confidentiality, confidentiality of information related to HIV/AIDS, release of information to protect clients and third parties from harm, and social work licensing board laws and regulations pertaining to the management of confidential and privileged information.

Social workers must also factor in guidelines in the NASW Code of Ethics. The most relevant standards pertain to informed consent, privacy and confidentiality, interdisciplinary collaboration, consultation with colleagues, referral for services, and client records. It behooves social workers to review these standards when they decide whether to share client information with colleagues, especially if clients do not consent to the disclosure.

Once social workers master complex confidentiality provisions embedded in federal and state laws and the NASW Code of Ethics, they must also consider their employing agencies' policies. Health and human service agencies typically adopt comprehensive guidelines governing management and release of clients' private and confidential information.

Information Sharing Among Professionals

This dizzying array of confidentiality guidelines can feel overwhelming. And they have profound implications for social workers' decisions about whether to share information with professional colleagues in conjunction with their delivery of services to clients.

Social workers consider sharing information with colleagues for several reasons. Chief among them is coordination of services. Quality social work often entails collaboration among colleagues to best serve clients. For example, a hospital-based social worker may want to share information with nursing home staffers prior to a patient's discharge to a facility. A school social worker may want to share information with a student's community-based therapist. A social worker employed in a prison may want to share information with staffers at a community-based drug treatment program prior to the inmate's release on parole. A military social worker may want to release information to a VA counselor who will be serving a soldier who is about to be discharged or "separated" from the military because of a psychiatric disability.

Social workers' decisions about disclosing sensitive information are high stakes. Information disclosed by social workers without authorization may violate clients' privacy and confidentiality rights. In contrast, failure to disclose confidential information—e.g., when disclosure by a social worker to a client's psychiatrist, without the client's consent, is likely to prevent harm to a third party whom the client has threatened—can lead to serious injury and expose social workers to the risk of an ethics complaint or lawsuit.

The easy cases are those where social workers obtain clients' consent to release information. The difficult cases involve instances when clients refuse to consent to disclosure and when, nonetheless, there may be compelling reasons for social workers to disclose.

In recent years, practitioners, administrators, and lawyers have developed useful guidelines governing sharing of information among professionals. One of the best examples is from the Bazelon Center for Mental Health Law. In a valuable document, "Health-Information Sharing for Collaboration among Agencies," Bazelon Center staffers suggest that professionals' decisions about disclosure should be based on the following key principles:

• Health care information in the record belongs to the person.
• Consent should be sought, in writing, to share personal health information.
• Individuals should be allowed to revoke their consent at any time.
• The health record that is shared should contain the minimum amount of information needed for the purpose.
• Information should be shared only with those who need to know, and only what they need to know should be shared.
• Privacy policies should be explained to the individual in language and form that is understandable to the person.
• Policies on sharing information with other parties should be clearly explained, including why the information will be shared.
• Individuals should be allowed to see their personal health information if they choose and should be allowed to correct the record.

Collegial collaboration and consultation are among the hallmarks of sound social work practice. The intimidating complexity of current confidentiality statutes, regulations, case law, and agency policies should not get in the way of social workers' overarching duty to manage confidential information in a manner that protects clients, first and foremost, and, when necessary, third parties. Rather, social workers should draw on these guidelines constructively—and, when necessary, seek consultation—in order to discharge their professional duty.