A few weeks ago, Twitter was buzzing with comments and opinions about a peculiar case from Harvard University—a student had alleged sexual harassment and filed a complaint against a professor of anthropology. She later alleged that Harvard got access to her therapist’s confidential records, without her consent, and used it to undermine her credibility and the complaint. While charges and counter-complaints continue, it does raise concerns about patient privacy, especially in a country like India, where confidentiality codes are not strictly adhered to or even defined for mental health practitioners.
About 90% of India’s nearly 200 million people living with mental health illnesses lack access to critical services, despite the fact that many of them own smartphones. To address this, the National Mental Health Survey (2016) proposed that smartphone-based applications, digital decision support tools, and electronic databases be used to follow up with people with mental illnesses. This would let providers, patients and other stakeholders share massive amounts of mental health data. There has been little focus on data privacy in the research so far to evaluate digital mental health services in India. While digital tools will help address the huge gap in provision of mental health services, India needs to strengthen the legalities around data privacy and confidentiality in mental health care.
Zahabiya Bambora, a psychologist at counselling service HopeQure, brings up the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the goal of which is to safeguard the privacy of those who receive health care services. If the person in treatment agrees, therapists may disclose relevant information directly connected to therapy with people involved in their care under HIPAA. “During the course of mental health therapy, the therapist may feel compelled to communicate specific information with a client's partner, parent, doctor or with law enforcement. HIPAA outlines guidelines for disclosing this type of information to anyone involved in a person's care,” she explains.
The cases where the therapist is obliged to give information about the client to a family member or to police is if the client is harmful to others, expresses ideas about suicide, or is under threat from others. Again, this information will be given post agreement with the client and in a discreet manner. As Dr. Kedar Tilwe, consultant psychiatrist, Fortis Hospital Mulund & Fortis Hiranandani Hospital, Vashi in Mumbai, says, “Confidentiality and trust are the bedrock of any therapeutic alliance and as such should never be comprised, unless in the best interest of the patient, and that too with their prior consent.” He says the that Harvard case “highlights the need for respecting communication between the therapist and the client, as well as the urgent need for clear-cut guidelines which can be implemented practically and help clear up the doubts that grey areas raise.”
Dr. Vasant Mundra of Hinduja Hospital & MRC gives some instances of conflicts and grey areas that put therapist on the spot. “If a child tells her therapist that she was abused by her father, should the therapist break the child's confidentiality and inform the mother or the legal authorities? Or does one keep quiet and let the child decide? The same may apply to someone who has been violent or harmed others—do we inform the authorities? In the case of those who take banned substances, which is very common and also a crime, what does the therapist do? There’s a chain where the substances come from, and the client has access to them. Shouldn’t one inform the authorities?” These are difficult situations, and one doesn't have clear answers to whether one should put the patient first or societal good, he says. The lack of clear regulations and rules have also led to unethical practices such as ostracism, discrimination and termination of employment for mental health reasons.
Considering the lack of regulation, clients and patients have to take steps to ensure their privacy. One of the first steps is to ensure that the therapist has the right qualifications and training, and signs a confidentiality agreement prior to starting sessions. Samriti Makkar Midha, psychologist and psychotherapist, and co-founder and Partner at POSH at Work, says, “Many therapists undergo rigorous training for 5 to 10 years. Then, there are others who get certification programmes for 1-2 years and call themselves ‘mental health practitioners’. A short programme won’t cover the nuances and protocols of therapy and those who go for these short courses won’t have expertise.” Midha advises clients to ask therapists for their qualifications and training details as well as a confidentiality agreement.
Bambora of HopeQure provides three tips to ensure confidentiality of counselling sessions. First, make sure you understand the data privacy and confidentiality terms handed to you. It is important for you to know when and how information can be shared with your workplace or family. Second, demographic data that is collected should be relevant, adequate, and limited to the purpose of collecting data. Third, there should be no restrictions on the issues that can be discussed within the therapeutic process.
Dr Tilwe believes that with the implementation of the new Mental Healthcare Act of 2017 and the formation of national, state and local regulatory boards, India has taken giant strides to ensure protection of the rights and privacy of persons suffering from mental illness. “While privacy is a right, clearly stating whether you are comfortable with the details of the conversation being shared at the very start of your therapy can give clear guidelines to your therapist to follow and protect your privacy,” Dr. Tilwe says.
Divya Naik is a Mumbai-based psychotherapist, rational emotive behaviour therapy (REBT) and cognitive behaviour therapy (CBT) counsellor.