Psychologists find it difficult to decide whether to keep confidentiality in therapeutic relationships [1]. This is owing to the fact that, on the one hand, the revelation of material or information that should remain confidential risks exposing them to possible claims in law for negligence, breach of contract, or breach of confidence, and professional conduct complaints. But in other situations, there is a legal and/or ethical duty on psychologists to reveal. Not disclosing such information under such situations will likely be actionable under the law of non-disclosure, as well as more likely to be perpetrating a serious offense, injuring oneself, or injuring others. The purpose of this study is to analyze the ethical and legal aspects of maintaining and violating confidentiality and privacy.

Privacy and confidentiality of the patient are two of the most important aspects of health care and psychotherapy that assist in maintaining patients' rights and dignity. Confidentiality refers to the protection of personal and sensitive information shared between patients or clients and their healthcare providers, while patient privacy refers to the patient’s right to control and safeguard their personal health information [2]. Confidentiality is an age-old professional ethical precept since time immemorial, founded on principles such as the Hippocratic Oath in which confidentiality was valued as an essential to the formation of confidence in medicine [3]. The professional duty of confidentiality has been formalized and incorporated into professional codes such as the American Medical Association and the American Psychiatric Association over centuries, evidencing its maintenance of patient dignity and the sanction of therapeutic relationships [4]. Privacy refers to ‘the right to be left alone’ and has been highlighted as a basic human right of individuals [5]. Privacy in healthcare and psychotherapy implies that patients or clients should have control over how their medical and mental records are used through the provision of consent [6]. Patients also have the right to access and correct their personal information as it appears in Electronic Health Records (EHRs). In this context, privacy is patients’ personal right to have full control of their data [7].

Privacy and confidentiality may vary, although they are intrinsically and profoundly interconnected. Generally, privacy establishes a boundary on the encroachment of patient confidentiality by other entities.  Lamont-Mills et al. assert that it is the responsibility of these psychotherapists and health care professionals to define this boundary [8]. In addition, it is essential to examine the physical environment surrounding the patient and their body, establishing a context in which their secrets or information are adequately safeguarded. According to Salles & Castelo, privacy encompasses an individual's right to intimacy and the restriction of third-party access to their mental or physical self through physical interaction or the revelation of personal thoughts and emotions [9]. Confidentiality and patient privacy constitute two of the primary ethical responsibilities in the psychological profession. They govern the relationship between patients and psychotherapists, which is most important in promoting trust, respect, and professionalism in the clinical setting [10]. The ethical basis of client confidentiality and privacy stems from respect for autonomy, which holds that individuals have a right to autonomous decisions regarding their health care [11]. These two aspects of beneficence and non-maleficence are also the pillars of privacy and confidentiality. These aspects require psychological professionals to act in the best interests of their clients and never cause harm to them.

While confidentiality and privacy of patients are of the highest importance, there are cases where patient data should be disclosed without permission. These include cases involving potential harm to the patient or others, legal demands for disclosure of certain details, or public health issues [12]. Healthcare and psychology practitioners have an ethical obligation to follow set norms and standards in a manner that patient information is communicated accordingly and with respect to the patient's best interests [13]. Ewuoso explained that confidentiality has been grounded in paternalistic models of care, yet cultural development toward autonomy and informed consent transformed expectations and called for a balance between respect for patients' rights and general ethical and legal responsibilities [14]. For example, USA federal laws like the Health Insurance Portability and Accountability Act of 1996 (HIPAA) create federal guidelines safeguarding confidential health information from release without a patient's authorization [15]. In addition, the Family Educational Rights and Privacy Act (FERPA) is legislation that provides parents with the right to inspect and review their children's education records, the right to attempt to have the records changed, and the right to have a degree of control over the release of personally identifiable information from the education records [16]. The Ghanaian government has legislation such as the Public Health Act, 2012 (Acts 846) demand the disclosure of certain information if it could cause harm to the public [17]. The European Union’s General Data Protection Regulation (GDPR, 2016/679) also demands strict protection of patients’ data but makes room for disclosure without consent under certain conditions [18]. Also, noted that the advent of digital technologies, big data, and artificial intelligence has also made confidentiality more difficult to guarantee in the context of introducing unauthorized access risks, re-identification risks, and algorithmic bias

This development makes services essential to create paradigms to balance legal imperatives with moral and psychological imperatives of privacy and confidentiality. In this regard, exposure across disciplines, policy flexibility, and a more refined ethics education are needed to allow professionals to be capable of managing confidentiality amidst emerging technology and sociocultural change. With this consideration, the present study conducts a systematic review of studies to examine the influence of law and psychology on the management of confidentiality and privacy in its quest to resolve conflict, determine best practice, and make evidence-based policy recommendations for the development of policy, education, and professional practice in ethically difficult situations.

This systematic review examines the legal and ethical implications of both preserving and breaching confidentiality and privacy. The study followed established systematic review procedures, namely the PRISMA (Preferred Reporting Items for Systematic Reviews and Meta-Analyses) guidelines [19]. The use of PRISMA was designed to enhance the transparency, methodological quality, and reproducibility of the findings of this review.

Data Search

The authors searched for relevant studies from several electronic databases, including PsycINFO, Scopus, Web of Science, and Google Scholar. These databases were consulted because they periodically publish updated and high-quality studies on legal and ethical principles in psychology and healthcare. The peer-reviewed articles between 2015 and 2025 were considered in the study solely to ensure that the findings of this review reflect the current reality. The researchers utilized various combinations of the terms, such as “privacy in healthcare,” “patients' confidentiality,” “ethical dilemmas of confidentiality,” “confidentiality in psychotherapy,” and “confidentiality at the intersection of law and ethics.” Further, Boolean operators (AND, OR) and truncation methods were employed to enable a complete and precise search of the available literature.

The researchers established inclusion and exclusion criteria to guide the selection of appropriate studies for the final review. With the inclusion criteria, this review included empirical research and theoretical integration that focused on confidentiality at the intersection of law and ethics. Also, all the studies included in this review were published in English. This is because the researchers could not read or understand other foreign languages; as such, they could not review studies published in other languages aside from the English language.  However, the research excluded studies that were specifically addressing confidentiality with no reference to its intersection at law and ethics. Furthermore, studies in grey literature in the form of reports and unpublished materials were excluded from the analysis. Also excluded was non-peer-reviewed research to establish the validity and strength of the review process.

Employment of inclusion and exclusion criteria was useful in efficient screening and selecting studies of interest. The screening process began with reading through the titles and abstracts to assess the relevance of the studies based on predefined inclusion and exclusion criteria. The studies that passed the titles and abstracts were further subjected to full screening based on the established inclusion and exclusion criteria. Screening and selection were done by two separate, independent assessors, and any disagreement was resolved by discussion or adjudication by a third assessor, thus reducing the risk of selection bias. Finally, fifteen studies were eligible to be included in the final review.

Figure 1: Provides a Summary of the Screening and Selection Process.

Source: Moher, et al [19].

A data extraction tool was designed in a standardized way to extract pertinent data from each of the eligible studies. The data extraction focused on components such as the author(s) and year of publication, purpose of the study, and methods applied (qualitative, quantitative, or mixed-methods), sample size and description, and primary findings of relevance. The data extraction table is shown in Table 1.

Methodological quality of included studies was ascertained using the Critical Appraisal Skills Programme (CASP) checklist for qualitative research and the Joanna Briggs Institute (JBI) critical appraisal tools for quantitative research. The quality of each study was rated as high, moderate, or low. The low-quality studies were excluded from the final synthesis.

Table 1: Data Extraction.

A narrative synthesis strategy was employed, given the expected heterogeneity in study designs and measurement methodologies. Synthesis of the findings was conducted thematically, with attention to individual-level psychological factors (including personality and motivational factors), team-level psychological processes (such as group cohesion and leadership factors), and the general organizational psychological environment (with innovation culture and support mechanisms).

The findings of the review have been categorized into six themes. These include legal and ethical dilemmas of law in confidentiality, trust, confidentiality, and professional duty, technological issues and cyber confidentiality, system and institutional defects, and confidentiality within sensory spaces. The number of studies reflecting these themes has been presented in Figure 2.

Figure 2: Number of Studies Reflecting Each Theme.

Source: Systematic Literature Review Table

Legal and Ethical Dilemmas of Law in Confidentiality

Some studies in this review, including Olorunfemi et al. [13], Afanasieva & Pimonov [20], Joseph et al. [21], Salle & Castello [9], and Oppong et al. [22] all find dilemmas between formal legal requirements and ethical requirements when professionals deal with confidential data. Some examples are disclosure of HIV status, dealing with children's confessions, or violation of confidentiality in psychiatric therapy due to legal coercion such as HIPAA or Tarasoff orders.

Trust, Confidentiality, and Professional Duty

Authors including Esmaeilzadeh [2], Hattingh et al. [23], Aboujaoude [24], and Salle & Castello [9] guarantee confidentiality as the cornerstone of trust in mental health care and health care systems. Violations of privacy caused by confidentiality or transparency lead to a decline in patient confidence, while compliance fosters the treatment process and cooperation to exchange sensitive information.

Technological Issues and Cyber Confidentiality

There exists irrefutable evidence [25-30], of issues caused by electronic health records, tele-mental health, communications, and medical devices. They include vulnerability to breaches, incoherence of standards, cyberattacks, and crossed professional boundaries on the web.

System and Institutional Defects

Authors like Afanasieva & Pimonov [20] and Fyanka & Ekpendu [31] blame shortcomings in or the absence of legislative bases, inadequately trained staff, and socio-economic status for being responsible for poor confidentiality. Structural threats also arise as a side effect of organizational settings, such as hospitals or pharmacies, with laxity of organizational process or implementation of privacy protocols.

Confidentiality within Sensitive Cases

Oppong et al. [22] and Salle & Castello [9] explore how far confidentiality issues actually do arise, most importantly in terms of sensitive cases of marriage counseling, HIV notification, or psychiatric hospital practice. They are standard illustrations that the ethical rule of confidentiality depends on, wherein practitioners must balance client trust against damaging others or statutory mandates by law.

Developing Professional and Ethical Standards

Barnett & Kolms [28], Demers & Sullivan [30], and Joseph et al. [21] disclose that emerging telehealth, education, and psychiatry spaces are prompting the re-engineering of confidentiality norms. Professional norms are being called upon to transition to cross-jurisdictional practice, cyber vulnerability, and professional boundary ambiguity while remaining loyal to essential privacy and trust tenets.

The evidence indicates that practitioners have attempted to negotiate the dilemma between obligations of ethics and mandates of law. For example, Joseph et al. [21] reference how HIPAA and the Tarasoff ruling established the model for the violation of confidentiality in psychiatry when there exists a threat to safety. Likewise, Oppong et al. describe such conflict between HIV disclosure and marital counseling, where silence maintains client trust but revelation may save others from being harmed [22]. These are the scenarios that demonstrate the vulnerability of confidentiality as a finality and the fact that it is dependent on deeper societal responsibilities. The unresolved tension leads us back to asking: Does law regulate ethical practice, or does ethics dictate the application of law? The outcomes demonstrate that the professionals get caught up between the protection of the individual and serving collective security with indefinite mandates.

The conflicts that are faced in marriage counseling, child therapy, or HIV disclosure situations [9,22] reflect the ethical continuum of confidentiality. These are not transgressions in a technical sense but agonizingly human conflicts where holding one secret would harmfully ruin the other. These findings point towards the shades of gray in ethics, where absolute silence or disclosure does not give an entirely just remedy. This, therefore, means that confidentiality cannot be handled like a rule book that can be applied automatically; it takes contextual judgment and audacity. But professional practitioners are not given open channels where glaw is ambiguous or open to interpretation. Such subtle contexts therefore bare the edges of law and ethics, necessitating processes that offer finely nuanced case-by-case judgment without subjecting professionals to the mercy of their own views.

Using the data set, professional-patient trust is fostered using confidentiality. Esmaeilzadeh demonstrates how openness to privacy policy generates patients who are more cooperative with their secrets, demonstrating how perceived justice in privacy practice builds cooperation [2]. Hattingh et al. follow this by showing how intrusiveness in everyday life, such as how pharmacy store layouts make conversations open, is eroding that trust [23]. Such research suggests that confidentiality is not just conformity to law but expression of ethical obligation in ways patients perceive as respectful. That is, confidentiality's symbolic function, a promise of safety and respect, may be as effective a safeguard as its statutory enforcement. Yet when it is violated, patients will completely abandon health or psychological care, illustrating the long-term public health costs of ethical violation [13]. Furthermore, literature evidence testifies to the way digitalization compounds the issues of confidentiality by increasing risks to confidentiality. Keshta and Odeh [25] and Issa et al. [26] refer to gaps in electronic health record systems where vulnerabilities and disparate policies offer loopholes. Sabin & Harland [27] and Barnett & Kolms [28] report the way electronic communication obscures professional boundaries, creating new ethical challenges in therapist-client relationships online. Newaz et al. [29] go a step further to illustrate how even medical equipment in hospitals can be susceptible to privacy breaches with the addition of software. These reports collectively add up to the reality that technology gets in the way of old-fashioned models of confidentiality: what used to be locked away in file cabinets now relies on encryption, algorithms, and control systems. This change demonstrates a lag in that ethical principles evolve more slowly than technological dangers. This leaves professionals in the precarious position where legal protection and ethical principles are unable to match the speed of innovation. Authors such as Barnett & Kolms [28], Demers & Sullivan [30], and Joseph et al. [21] discuss the evolutionary nature of confidentiality. Telehealth, cross-border practice, educational technologies, and e-psychiatry introduce totally new circumstances under which old rules do not apply. Professionals must reinterpret their responsibilities in the moment, negotiating boundaries in uncharted territory. This development makes two observations: first, that confidentiality is dynamic and needs constantly to adjust to emerging social and technological facts; second, that the ethical heart of confidentiality (trust, respect, and protection) should remain constant even when its applications evolve. In the absence of revised ethical and legal guidelines, professionals are in danger of overprotecting (and rationing care) or under protecting (and jeopardizing patients). The findings therefore suggest the future of confidentiality to hinge on the formulation of adaptable, forward-thinking standards brokering tradition and innovation.

Further, studies point out that threats to confidentiality are not a personal failure but an institutional and systemic one [20,23,30]. The weak legislation of Russian society [20] and the weak enforcement in Nigeria [30] put professionals at risk and patients in danger. Hattingh et al. illustrate how even the physical layout of pharmacies can threaten confidentiality and that confidentiality is not merely located in codes of conduct but also in organizational cultures and infrastructures [23]. What these findings imply is that confidentiality is an activity that is carried out collectively by everyone. It depends on systems, training, design, and policy consistency. Where these are not present, professionals have to improvise, and patients' rights may be undermined. The data indicate an alarming contradiction: confidentiality is offered as a professional duty, but institutions themselves do not create the conditions that render it possible to protect.

The conclusions show that confidentiality stands on the precarious crossroads of legal requirement, ethical obligation, contextual structure, and technological potential. Less an absolute standard than a negotiated one, it is constantly renegotiated to balance individual rights, collective preservation, and professional reputation.

This research explains how confidentiality, while everywhere seen as a fundamental rule of professional conduct, is far from absolute. The research portrays it as a negotiated practice under pressures of conflicting sorts. For instance, legal pressures sometimes compel revelation, ethical pressures impose trust and secrecy, technological advances destabilize old protections, and structural loopholes undermine enforcement. Transcending disciplines from medicine and psychiatry to schools and cyber communication, workers routinely face situations in which confidentiality for one person puts another's safety at risk and in which flawed infrastructures of institutions expose practitioners to ambiguity. The findings indicate that confidentiality is not a monolithic command but a construable obligation subject to situational judgment, facilitated by lucid guidance, education, and institutional change. In conclusion, the findings demonstrate that the true test is how to reconcile law, ethics, and professional practice so that confidentiality can be a legal obligation and a moral assurance.

To better safeguard confidentiality where law and ethics meet, governments need to simplify and harmonize legal frameworks, especially in such fields as mental health, telemedicine, and electronic health records, to cut down uncertainty and give clear direction to practitioners. Professional organizations need to revise codes of ethics to respond to arising challenges, such as divulging HIV status, confidentiality for children and adolescents, and web-based communication. Further, health centers and counseling units need to make commitments towards ongoing training that makes professionals competent and sensitive to deal with intricate confidentiality issues. At the institutional level, health and education departments need to develop infrastructure, implement privacy drills consistently, and establish supportive settings allowing confidentiality in practice. Additionally, policymakers and technology developers must make safety in electronic health systems, telemedicine portals, and medical devices their priority, at least by implementing strong controls such as encryption, access controls, and audits. Finally, education in the public sphere is crucial so that patients and communities are informed of their right to confidentiality and enabled to make demands for accountability and actively engage to safeguard their own information.

1. Kampf A, McSherry B, Thomas S, Abrahams H. Psychologists’ perceptions of legal and ethical requirements for breaching confidentiality. Aust Psychol. 2008; 43: 194-204.
2. Esmaeilzadeh P. The impacts of the perceived transparency of privacy policies and trust in providers for building trust in health information exchange: an empirical study. JMIR Med Inform. 2019; 7: 1-25.
3. Sidhu N, Srinivasraghavan J. Ethics and medical practice: Why psychiatry is unique. Indian J Psychiatry. 2016; 58: S199-202.
4. Schatzberg AF, Nemeroff CB, editors. The American Psychiatric Association textbook of psychopharmacology. Washington DC: American Psychiatric Publishing. 2017.
5. Kayaalp M. Patient privacy in the era of big data. Balkan Med J. 2018; 35: 8-17.
6. Kruse CS, Smith B, Vanderlinden H, Nealand A. Security techniques for the electronic health records. J Med Syst. 2017; 41: 1-9.
7. Harman GE, Herrera-Estrella AH, Horwitz BA, Lorito M. Trichoderma – from basic biology to biotechnology. Microbiology. 2012; 158: 1-10.
8. Lamont-Mills A, Christensen S, Moses L. Confidentiality and informed consent in counselling and psychotherapy: A systematic review. Melbourne: PACFA. 2018; 1-16.
9. Salles AA, Castelo L. Privacy and confidentiality in the therapeutic process: Contributions from bioethics. Rev Bioetica. 2023; 31: 1-11.
10. Roy S. Privacy prevention of health care data using AI. J Data Acquis Process. 2022; 37: 769-775.
11. Jokinen A, Stolt M, Suhonen R. Ethical issues related to eHealth: An integrative review. Nurs Ethics. 2021; 28: 253-271.
12. Rafique RM, Siddique MB, Owais F. A study on the perception and implementation of ethics in clinical practice. Pak J Ethics. 2022; 2: 48-53.
13. Olorunfemi O, Oyegoke EO, Abiodun OO, Kunle-Abioye FB, Ayeni BA. Achieving a balance between ethical and legal obligations regarding confidentiality and patient privacy. Amrita J Med. 2024; 20: 90-93.
14. Ewuoso C. Patient confidentiality, the duty to protect, and psychotherapeutic care: Perspectives from the philosophy of ubuntu. Theor Med Bioeth. 2021; 42: 41-59.
15. English A, Ford CA. The HIPAA privacy rule and adolescents: Legal questions and clinical challenges. Perspect Sex Reprod Health. 2004; 36: 80-86.
16. Bolshem Y, Manchester J. FERPA: Upholding nursing student privacy in clinical settings. Nurse Educ. 2025; 50: 171-172.
17. Kpobi L, Kwakye-Nuako C, Gyimah L. Mental health law and practice in Ghana: An examination of the implementation of Act 846. Routledge Handbook of Mental Health Law. London: Routledge. 2023; 477-492.
18. Timmers M, Van Veen EB, Maas AI, Kompanje EJ. Will the EU Data Protection Regulation 2016/679 inhibit critical care research? Med Law Rev. 2019; 27: 59-78.
19. Moher D, Liberati A, Tetzlaff J, Altman DG, PRISMA Group. Preferred reporting items for systematic reviews and meta-analyses: The PRISMA statement. BMJ. 2009; 6: 1-8.
20. AFanasieva IV, Pimonov VA. Confidentiality as a principle of the activity of a practising psychologist: The current state of regulatory regulation and prospects. Psychol Law. 2023; 13: 143-152.
21. Joseph DI, Goldstein MM, Onek J. Confidentiality. In: Psychiatric Ethics. 4th ed. Oxford: Oxford University Press. 2013.
22. Oppong VB, Osafo J, Ofori-Atta A. Ethical dilemmas in psychological services in Ghana: The views of clinical psychologists. Ethics Behav. 2022; 32: 273-284.
23. Hattingh HL, Knox K, Fejzic J, McConnell D, Fowler JL, Mey A, et al. Privacy and confidentiality: Perspectives of mental health consumers and carers in pharmacy settings. Int J Pharm Pract. 2015; 23: 52-60.
24. Aboujaoude E. Protecting privacy to protect mental health: the new ethical imperative. J Med Ethics. 2019; 45: 604-607.
25. Keshta I, Odeh A. Security and privacy of electronic health records: Concerns and challenges. Egypt Inform J. 2021; 22: 177-183.
26. Issa WB, Akour IA, Ibrahim A, Almarzouqi A, Abbas S, Hisham F, et al. Privacy, confidentiality, security and patient safety concerns about electronic health records. Int Nurs Rev. 2020; 67: 218-230.
27. Sabin JE, Harland JC. Professional ethics for digital age psychiatry: Boundaries, privacy, and communication. Curr Psychiatry Rep. 2017; 19: 1-7.
28. Barnett JE, Kolmes K. The practice of tele-mental health: Ethical, legal, and clinical issues for practitioners. Pract Innov. 2016; 1: 53-62.
29. Newaz AI, Sikder AK, Rahman MA, Uluagac AS. A survey on security and privacy issues in modern healthcare systems: Attacks and defences. ACM Trans Comput Healthc. 2021; 2: 1-44.
30. Demers JA, Sullivan AL. Confronting the ubiquity of electronic communication and social media: Ethical and legal considerations for psychoeducational practice. Psychol Sch. 2016; 53: 517-532.
31. Fyanka K, Ekpendu CM. An assessment of the right to privacy and confidentiality of patients in the context of medical negligence, error and malpractice in Nigeria. Afr J Law Hum Rights. 2023; 7: 1-8.