Confidentiality is a core ethical principle across medicine, psychology, law, and other professions that handle sensitive personal information. It is not merely a legal requirement or a workplace policy. It is a moral obligation rooted in respect for individual autonomy, dignity, and trust. Every major professional code of ethics treats confidentiality as foundational, though each also recognizes specific circumstances where it can be overridden.
Where Confidentiality Sits in Professional Ethics
The ethical roots of confidentiality trace back to the Hippocratic Oath, which instructed physicians to keep patient information private. Modern professional organizations have formalized this into detailed standards. The American Medical Association states that physicians have “an ethical obligation to preserve the confidentiality of information gathered in association with the care of the patient.” The American Psychological Association places confidentiality under its broader principle of “Respect for People’s Rights and Dignity,” affirming that psychologists “respect the dignity and worth of all people, and the rights of individuals to privacy, confidentiality, and self-determination.”
In law, the American Bar Association’s Model Rule 1.6 describes confidentiality as “a fundamental principle in the client-lawyer relationship,” noting that it “contributes to the trust that is the hallmark” of that relationship. The World Medical Association’s Declaration of Lisbon affirms confidentiality as a patient right at the international level, including provisions for patients who are legally incompetent but still capable of making rational decisions about their own information.
The common thread is that confidentiality serves a purpose beyond simple secrecy. It creates the conditions for honest, open communication. A patient who fears their information will be shared is less likely to disclose symptoms, behaviors, or concerns that are essential for effective care. A legal client who worries about exposure is less likely to share the details their attorney needs to provide competent representation.
Ethical Duty vs. Legal Privilege
People sometimes use “confidentiality” and “privilege” interchangeably, but they are distinct concepts. Confidentiality is primarily an ethical obligation. It governs how a professional handles all information related to the relationship, broadly defined. Privilege, on the other hand, is a legal protection that prevents certain information from being disclosed in court proceedings.
In the legal profession, for example, attorney-client privilege applies only when four specific elements are met: a communication was made between privileged persons, in confidence, for the purpose of seeking or providing legal assistance. Confidentiality is much broader in scope. It covers anything related to the representation, not just communications that meet those four criteria. The same general distinction applies in healthcare: federal and state privacy laws create legal protections, but the ethical duty goes further and applies in situations the law may not specifically address.
When Confidentiality Can Be Broken
No ethical framework treats confidentiality as absolute. Every major professional code identifies situations where breaking confidentiality is not only permitted but required. The most widely recognized exceptions include situations involving imminent harm to others, child abuse or neglect, and abuse of vulnerable adults.
The landmark 1976 Tarasoff case established the legal and ethical foundation for the “duty to warn.” The California Supreme Court ruled that when a therapist determines, or should determine based on professional standards, that a patient presents a serious danger of violence to another person, the therapist has an obligation to use reasonable care to protect the intended victim. That might mean warning the victim directly, notifying police, or taking other steps appropriate to the situation. The court explicitly weighed the public interest in safety against the therapeutic value of confidentiality and concluded that protection of life takes priority.
State laws vary in how they implement these exceptions. Some states make the duty to warn mandatory, meaning a mental health professional is legally required to act when a client communicates a credible threat against an identifiable victim. Others make it permissive, allowing but not requiring disclosure. Many states also provide legal protections for professionals who break confidentiality in good faith to prevent harm, shielding them from liability. In all cases, the ethical reasoning is the same: confidentiality exists to serve human wellbeing, and when maintaining it would directly endanger someone’s life, the principle yields to a more urgent obligation.
Professionals are also mandated reporters for child abuse and neglect in every U.S. state. This means that if a therapist, physician, or other covered professional learns of or suspects abuse, they are required by law to report it regardless of the client’s wishes.
Informed Consent and Its Role
Because confidentiality has limits, ethical practice requires professionals to explain those limits upfront. The American Psychological Association’s Standard 4.02 directs psychologists to discuss with clients both “the relevant limits of confidentiality” and “the foreseeable uses of the information generated through their psychological activities” at the start of the relationship.
In practice, this means your therapist, doctor, or attorney should tell you before you begin sharing sensitive information what they are and are not able to keep private. A therapist’s informed consent form, for instance, typically spells out that confidentiality will be broken if you disclose an intention to harm yourself or someone else, if there is evidence of child abuse, or if a court orders the release of records. It also explains how information might be shared with third parties like insurance companies. Informed consent forms for minors require additional clarity about the roles of parents or guardians and the specific boundaries of what will and will not be shared with them.
Confidentiality for Minors
The ethics of confidentiality become more complex when the patient is a child or teenager. Parents generally have the right to access their child’s medical records and act as their child’s “personal representative” for healthcare decisions. But there are important exceptions.
Under federal privacy rules, a parent is not treated as a child’s representative in three situations: when state law allows the minor to consent to care independently (common for reproductive health, substance use treatment, and mental health services in many states), when the child receives care at the direction of a court, or when the parent has agreed that the child and provider may have a confidential relationship. A provider can also decline to share a child’s information with a parent when the provider reasonably believes, based on professional judgment, that the child has been or may be subjected to abuse, neglect, or domestic violence, or that sharing the information could endanger the child.
These carve-outs reflect the ethical tension between a parent’s legitimate interest in their child’s health and a young person’s developing right to privacy. For adolescents seeking care for sensitive issues, the assurance of some degree of confidentiality can be the difference between seeking help and avoiding it entirely.
Digital Health and New Pressures on Privacy
The traditional model of confidentiality assumed a conversation between two people in a room, with a paper file in a locked cabinet. Digital health has introduced challenges that existing ethical frameworks are still catching up to. Telehealth platforms, mobile health apps, and electronic records create new vulnerabilities around data storage, transmission, and secondary use of information.
Research into digital health data collection has raised concerns about privacy, informed consent, data minimization, and transparency as large volumes of sensitive health data are collected and processed in real time. Studies have found that many mobile health platforms lack explicit consent pathways and adequate safeguards against data misuse. Children and adolescents face heightened risks because they often cannot ensure confidentiality or provide meaningful informed consent during remote consultations. Users of contact-tracing apps during the COVID-19 pandemic, for example, frequently reported that they lacked clarity about how their data was being stored and used.
These issues do not change the underlying ethical principle, but they do expand the range of situations where confidentiality can be compromised. A therapist conducting a session over video needs to consider whether the platform encrypts data, where recordings are stored, and whether a client has a private space to speak freely. The ethical obligation remains the same: protect the information. The practical demands of fulfilling that obligation have grown significantly.