Therapist-client confidentiality has several well-defined exceptions. Your therapist is legally and ethically required to break confidentiality when someone’s safety is at risk, when abuse is suspected, or when a court compels disclosure. These limits exist in every state, though the specific rules vary. Most therapists will walk you through these exceptions during your very first session, before any real counseling begins.
Risk of Harm to Yourself
If you express serious thoughts of suicide, your therapist can share information with others to keep you safe. This applies when you describe wanting to hurt or kill yourself, when you’re actively looking for ways to do so (seeking access to pills, weapons, or other means), or when you talk or write about death and suicide in ways that suggest imminent risk. In these situations, a therapist may contact family members, call emergency services, or pursue hospitalization.
This doesn’t mean every passing mention of dark thoughts triggers a confidentiality breach. Therapists are trained to assess severity, immediacy, and intent. The threshold is genuine concern that you may act on suicidal thoughts in the near future. Many people discuss difficult emotions in therapy without ever triggering this exception. But when the risk is real, your therapist is permitted to prioritize your life over your privacy.
Threats of Violence Toward Others
If you communicate a serious threat of physical violence against a specific, identifiable person, your therapist has a legal responsibility to act. Most states require or permit mental health professionals to disclose information about clients who may become violent. The exact language differs by state. In Idaho, for example, the duty to warn arises only when a client makes “an explicit threat of imminent serious physical harm or death to a clearly identified or identifiable victim” and has “the apparent intent and ability to carry out such a threat.” Alaska’s law uses a slightly different standard: “a clear and immediate probability of physical harm.”
What a therapist does with this information also varies. They may warn the potential victim directly, notify law enforcement, or both. This legal framework traces back to a landmark 1976 California Supreme Court case, Tarasoff v. Regents of the University of California, which established that therapists have a duty to protect identifiable third parties from serious harm. Not every state adopted the same version of this rule, but the core principle is widespread.
Suspected Abuse or Neglect
Therapists are mandatory reporters. If they have reasonable cause to suspect that a child, elderly person, or dependent adult is being abused or neglected, they must file a report with the appropriate state agency. This is not optional, and the therapist does not need proof. The legal standard is “reasonable cause to suspect,” which is a deliberately low bar designed to protect vulnerable people.
This applies whether the client is the victim, the perpetrator, or simply someone who mentions the situation in passing. A therapist who learns that a child has been sexually abused, physically harmed, or seriously neglected is legally required to report it regardless of how that information came up in session. The same applies to abuse of elderly or disabled individuals. Failing to report can result in criminal penalties for the therapist.
Court Orders and Legal Proceedings
A judge can order your therapist to turn over records or provide testimony if the court determines it’s necessary to resolve a legal matter. This is different from a subpoena. A subpoena is a request from an attorney and does not automatically override your confidentiality. Your therapist is expected to show up in response to a subpoena, but they should still protect your privacy unless you’ve signed a release, a recognized legal exception exists, or an actual court order compels disclosure.
A court order carries more weight. When a judge specifically orders a therapist to release records or testify, the therapist must comply. Clinical records, billing records, intake forms, and even separately kept therapy notes can all be turned over with a valid court order or your written authorization. There’s one more wrinkle: if you file a malpractice lawsuit against your therapist, your therapy records become admissible as evidence. By suing, you effectively waive confidentiality for the information relevant to the case.
Insurance and Billing Disclosures
If you use health insurance to pay for therapy, some of your information will be shared with your insurance company. Federal privacy law (HIPAA) allows healthcare providers to disclose protected health information for treatment, payment, and healthcare operations without needing a separate release from you. In practice, this means your insurer may receive your diagnosis, dates of service, types of treatment provided, and billing codes. They use this information to process claims, verify coverage, and authorize ongoing sessions.
Your insurer won’t typically receive detailed session notes or a transcript of what you discussed. But the diagnosis alone can feel revealing, and it becomes part of your insurance record. This is one reason some people choose to pay out of pocket for therapy, particularly for sensitive issues they want to keep entirely private.
Group and Couples Therapy
Confidentiality works differently when other clients are in the room. In individual therapy, legal protections limit what your therapist can disclose. In group or couples therapy, anything said in session is generally available to everyone who was present. Other group members are not bound by the same legal and ethical obligations your therapist is.
New York’s guidance on this is straightforward: any individual present in a couples or group session may seek copies of the records from those sessions or release them to an outside party. Your therapist can encourage confidentiality among group members, and most do, but they cannot enforce it. This is why therapists are expected to clearly explain these limits before group or couples work begins. If absolute privacy matters to you on a particular topic, individual therapy is the safer setting.
Minors and Parental Access
If you’re a minor in therapy, your parents generally have legal access to your health information as your “personal representatives.” But there are important exceptions. Federal privacy rules identify three situations where a parent is not automatically entitled to their child’s records: when the minor legally consented to treatment on their own (many states allow this for substance abuse or mental health counseling above a certain age), when the child received care at the direction of a court, or when the parent has agreed to a confidential relationship between the child and therapist.
There’s also a safety override. If a therapist reasonably believes that a child has been or may be subjected to abuse, neglect, or domestic violence, they can decline to share information with the parent. This requires a case-by-case professional judgment, not a blanket policy. In practice, many therapists who work with adolescents negotiate a confidentiality agreement at the start of treatment, explaining to both the teen and the parents what will and won’t be shared, with safety concerns being the clear exception.
Professional Consultation
Your therapist may discuss your case with other mental health professionals as part of clinical consultation. This is standard practice, not a confidentiality violation. Therapists consult with colleagues to ensure they’re providing appropriate care, especially with complex cases. When they do, they typically minimize identifying details, though some specifics may be shared. This type of disclosure is built into the informed consent process and is considered part of responsible practice.
Telehealth and Digital Communication
Online therapy introduces privacy risks that don’t exist in a traditional office. Video platforms, email, and messaging apps can be intercepted, recorded by nearby smart devices, or monitored on workplace networks. The Department of Health and Human Services recommends holding telehealth appointments in a private room with the door closed, turning off smart speakers and home security cameras, and avoiding public Wi-Fi networks.
Your therapist is responsible for using encrypted, HIPAA-compliant platforms. But some risks fall on your side. If you take a therapy call on a work laptop, your employer’s monitoring software could capture it. If you use a public network at a coffee shop, your session data could be exposed. These aren’t confidentiality breaches by your therapist, but they compromise your privacy just the same.
What You Should Hear at Your First Session
Ethical guidelines require therapists to discuss the limits of confidentiality before treatment begins. The American Psychological Association’s ethics code states that psychologists must explain “the relevant limits of confidentiality and the foreseeable uses of the information generated through their psychological activities.” This conversation typically happens during intake, and you’ll usually sign a written informed consent form covering these exceptions.
If your therapist hasn’t explained these limits, ask. You have the right to know exactly what stays private and what doesn’t before you share anything sensitive. A good therapist will welcome the question and answer it clearly.