Privacy and confidentiality are respected principles in the mental health code of ethics. Privacy primarily entails the ability of patients to have their sensitive and confidential information safeguarded by mental health practitioners while receiving or seeking help. On the contrary, encompasses a smaller range that involves keeping personal information secure between a patient and therapist. In the mental health system, the right to consumer privacy and confidentiality are paramount, legally requiring consent before information sharing. Despite much progress in addressing privacy and confidentiality issues, the issue persists, most notably with the ever-expanding application of the internet and digital technologies.
Growing concerns about privacy and confidentiality issues in mental health have implications across many social care and healthcare contexts. The delivery of quality care often encompasses collecting, analyzing, using, and disclosing personal health information. However, disclosing sensitive patient data during a healthcare encounter to unwarranted individuals may have particular consequences. Subsequently, in Ontario, Canada, the Personal Health Information Protection Act (PHIPA) is used with the primary objective of regulating and establishing rules involving the collection, access, and disclosure of personal health records to safeguard patient confidentiality and privacy (Sarabdeen et al., 2022). The Act introduced the right to data portability and covered both print and data in electronic format.
A PHIPA privacy policy is core to promoting good ethical practices in healthcare by describing organizational expectations to comply with PHIP requirements. Under PHIPA, health practitioners are legally obligated to safeguard protected patient information such as personal addresses, CPSO numbers, medical histories, and diagnoses. The PHIPA compliance checklist is designed to aid mental health information custodians in complying with PHIPA. Some of their obligations include establishing and monitoring an audit log for electronic health records and providing patients with access to an electronic version of their records. Additionally, under PHIPA, practitioners are only authorized to collect personal health information to provide healthcare services.
However, in spite of the guidelines described by PHIPA and global efforts to warrant the privacy and confidentiality of protected patient information in mental health, practitioners are constantly challenged by not only legal compliance but also technological advancements, stigma discrimination, and information concerns. In any healthcare setting, care coordination is a core collaborative process that relies on practitioners sharing resources and information to improve the outcomes and quality of care. Nonetheless, care coordination also raises legal and ethical concerns about the confidentiality and privacy of protected health information. The issue arises in determining the best approach to balance information sharing in care coordination and privacy.
The most prevalent technology-related concern is the growth of cybercriminal activities. Health information is perceived as a valuable resource by hackers. Lustgarten et al. (2020, p.25) state that “mental health providers increasingly use technology for psychotherapy services.” Consequently, practitioners must adhere to security frameworks and policies to safeguard patient privacy. Another challenge practitioners face in practice involves addressing stigma and discrimination associated with privacy concerns. In mental health, practitioners are expected to challenge misconceptions and stereotypes in society to create a more supportive and informed environment that discards discrimination and judgement to prioritize the protection of patient information.
While international health authorities and research widely recognize the significance of privacy and confidentiality as fundamental to mental healthcare, the inclusion of its implications for community mental health is often overlooked. Firstly, “confidentiality is a central bioethical principle governing the provider-patient relationship” (Aboujaoude, 2019, p.604). Therefore, upholding privacy and confidentiality is a crucial ingredient to trust-building. In a mental health setting, gaining a patient’s trust is often of the utmost importance in therapy sessions. Patients who feel protected are more prone to engage with community mental health services. Subsequently, upholding patient privacy and confidentiality encourages communication and ensures practitioners comply with PHIPA regulations. Legal compliance by a mental health institution is essential to protect the institution and the mental health practitioners from legal repercussions such as substantial fines, possible imprisonment, or license revoking.
With the widespread use of electronic records and digital devices in mental health, navigating technology-related challenges in maintaining confidentiality mainly encompasses addressing and mitigating the threats posed by these advancements. However, the rapid growth of technological advancements is not concurrent with the number of skilled personnel or trainees recruited by mental health facilities. Accordingly, an important recommendation is to advocate the importance of employee training and education programs. Employee information security awareness (ISA) should be considered a critical aspect of protection against undesirable information security behaviours (Khando et al., 2021). A significant number of privacy breaches in mental health are due to the exploitation of human elements.
Though digital devices are crucial in improving efficiency, accuracy, and care collaboration in mental health, it is essential to recognize and acknowledge the risk of cyber threats. Research notes that ensuring practitioners are aware or skilled in using information-protective behaviours is often challenging. Furthermore, according to Bélanger et al. (2022, p.1), “employees increasingly use their own devices for work (BYOD), but with limited compliance with BYOD policies.” To safeguard against such outcomes, it is prudent to incorporate a robust regulatory framework and standardized protocols to encourage sustainable care emphasizing privacy and confidentiality.
Aboujaoude, E. (2019). Protecting privacy to protect mental health: the new ethical imperative. Journal of Medical Ethics, 45(9), 604–607. https://doi.org/10.1136/medethics-2018-105313
Bélanger, F., Maier, J., & Maier, M. (2022). A longitudinal study on improving employee information protective knowledge and behaviours. Computers & Security, 116, 102641. https://doi.org/10.1016/j.cose.2022.102641
Khando, K., Gao, S., Islam, M. S., & Salman, A. (2021). Enhancing employees information security awareness in private and public organizations: A systematic literature review. Computers & Security, p. 106, 102267. https://doi.org/10.1016/j.cose.2021.102267
Lustgarten, S. D., Garrison, Y. L., Sinnard, M. T., & Flynn, A. (2020). Digital privacy in mental healthcare: current issues and recommendations for technology use. Current Opinion in Psychology (Print), 36, 25–31. https://doi.org/10.1016/j.copsyc.2020.03.012
Sarabdeen, J., Chikhaoui, E., & Ishak, M. M. M. (2022). Creating standards for Canadian health data protection during health emergency – An analysis of privacy regulations and laws. Heliyon (Londen), 8(5), e09458. https://doi.org/10.1016/j.heliyon.2022.e09458