Protecting clients’ privacy and ensuring their trust is a key
principle of documentation. Determining whether a practitioner
can release client information requires the psychologist to be
aware of several legal and regulatory requirements, including
mandated reporting requirements. The Record Keeping
Guidelines encourage psychologists to be familiar with ethical
standards regarding confidentiality, specifically APA Ethics
Code 4.01 and 6.02, and relevant legal, regulatory and statutory
requirements. Psychologists also need to follow any applicable
institutional policies. Special attention is warranted in decisions
related to the access or disclosure of records of minor children,
especially in situations of divorce where information may be
used in adversarial proceedings such as custody conflicts.

Disclosing record-keeping procedures

The guidelines consider disclosure of “the nature and extent
of record keeping procedures” part of the broader process
of informed consent to psychological services (Ethics Code
3.10); Ethics Code 3.10d specifically requires documentation
of informed consent. Psychologists are ethically mandated to
discuss the “relevant limitations of confidentiality” and the
“foreseeable uses of the information” (APA Ethics Code 4.02) at
the outset of services. This discussion helps clients understand
that their information may be shared with others and that there
are potential limits to confidentiality, such as in a litigation
context or mandated treatment.

Maintenance and security

APA’s record-keeping guidelines also recognize the importance
of multidisciplinary collaboration in providing patient care.
Accurate records facilitate adjunctive treatment, such as
medication management, coordinated care for chronic illness or
family therapy intervention. Should an unforeseen illness befall
the psychologist, an up-to-date record facilitates the successful
transfer of care. Records may also be requested by the client,
or his or her attorney, for other uses, such as divorce or other
legal proceedings, applications for disability or life insurance, or
requirements for certain types of employment.

Practitioners need to have a security plan that provides
adequate protection for either paper or electronic records from
loss or damage, and ensures only appropriate access by trained
professionals or others with a legitimate need to see them. With
expanding wireless and computer technologies, client data
may be kept in various electronic formats, such as emails, text
messages and online scheduling calendars. Practitioners should
be particularly cautious when exchanging protected health
information via fax, email, text messaging and electronic claims

Many psychologists store patients’ electronic records on their
office computers, laptops and tablets. However, psychologists
must be vigilant in preventing unauthorized access to the
data and protecting the actual equipment from theft. Data
breaches reported under the HIPAA Breach Notification Rule are
frequently the result of theft, particularly of laptops and other
portable electronic devices (www.hhs.gov/ocr/privacy/hipaa/
retrieved 9/30/11). Psychologists should store backup media as
carefully as they do their original electronic files.

Retention of records

Perhaps the most welcomed change in the guidelines’ revision
is a shorter requirement to keep records. The guidelines state:
“In the absence of a superseding requirement, psychologists
may consider retaining full records until seven years after the
last date of service delivery for adults or until three years after a
minor reaches the age of majority, whichever is later.”

As previously mentioned, psychologists must also consider
any applicable state laws and other regulatory or institutional
requirements in determining specific records retention policies.
This guideline may be useful as psychologists prepare for
retirement and plan for how records will be stored and later

The original rationale for disposing of records was to
prevent “obsolete” clinical data from being misused in other
contexts. Today, with electronic health records and the ability
to store data in larger electronic systems, clinical information
can be kept indefinitely. The Record Keeping Guidelines
suggest that psychologists document the context in which the
record is created, such as the reason for referral or evaluation,
and specific circumstances impacting the client at the time of
service. Professionals who review records at a later date also
have the responsibility to recognize when clinical documents
or testing results are obsolete or unduly prejudicial to current
decision-making. In most cases, this is of greatest concern when
the record creates a negative impression of the client.

APA’s record keeping resources

• Applying the APA Record Keeping
Guidelines in Clinical Practice (webinar): www.
• APA Ethical Principles of Psychologists and
Code of Conduct.
• American Psychological Association. (2010).
Ethical principles of psychologists and code of
conduct (2002, Amended June 1, 2010). retrieved
• Health Information Technology: www.
• HIPAA Compliance: www.apapracticecentral.