Are employee assistance programmes (EAPs) confidential?

The short answer: yes. The long answer: yes, but it's important you and your employees understand the specifics of EAP privacy.


  • EAPs prioritise confidentiality to build trust with employees and encourage early intervention for personal and work-related issues.
  • EAPs are designed to maintain confidentiality, ensuring that employee interactions remain undisclosed within the company.
  • There are three levels of confidentiality within an EAP: confidentiality when contacting the EAP, confidentiality when using the EAP, and confidentiality when undergoing counselling.
  • Exceptions to confidentiality may arise at the initial point of contact, in cases of potential harm, or for collecting EAP usage data: it's important that companies clearly communicate these exceptions with their team.
  • EAPs hold personal information but they can share limited, non-identifying data with employers to help them evaluate and improve EAP usage within the company.

Employees often have questions about confidentiality when it comes to EAPs. After all, your team will use the service for personal matters and understandably, they want to keep it that way: personal. Uncertainty around EAP confidentiality is one of the main reasons why companies find their EAP going unused, which is why it’s really important for you to fully understand how your employees’ personal information is protected. Then, it's all about making sure your employees understand this, too.

Of course, simply saying something is confidential doesn’t give away any specific information about what this actually means. Thankfully, you’ve landed on this article where you’ll find everything you need to know about EAP data, EAP privacy, and why EAP confidentiality is important.

Why is EAP confidentiality important?

EAPs offer a safe space for your employees to get advice on any number of personal or work-related issues. Offering counselling, professional advice, and self-help resources, EAPs only work if employees feel able to seek help without fear of negative consequences or stigma in the workplace. And for your employees to feel this way, they need to trust that their reasons for contacting the EAP aren’t relayed back to their manager or colleagues. In other words, they need to understand and have faith in your EAP’s confidentiality policy.

EAP confidentiality also plays an important part in encouraging people to seek help early, before issues escalate. Early intervention can protect both your employee and your business from increased absences or a loss of productivity. Therapy in particular has a strong track record of helping employees recover their productivity, with one study finding that therapy intervention increased people’s emotional stability by an average of 51%. And when employees have higher emotional stability, they see performance pressure as challenging rather than threatening.

Get a free EAP confidentiality statement checklist

Review your EAP's confidentiality statement (or compare different EAP offerings) against industry best-practice standards

Are EAPs confidential?

The short and longer answers here are both yes, EAPs are confidential.

The details of your employees’ (or even your own!) interactions with the EAP will never get back to anyone in the company. No one even needs to know that the EAP has been contacted by a particular individual (bar one important barrier to contact, which we talk about later). When someone first contacts an EAP, they may have to give the name of their company but that’s just so the EAP knows which support they can get.

Most people tend to use EAPs for the counselling services, so that’s what we’re going to focus on here when it comes to looking at confidentiality. 

The titles therapist, counsellor, or psychotherapist are not legally protected in the UK, meaning that technically, anyone can say they are one of these things. That’s why we at Spill, and many EAPs, only use therapists who are fully qualified (that’s a given) and registered with member organisations like the British Association for Counselling and Psychotherapy (BACP), National Counselling Society (NCS), or equivalent. Each of these associations sets out its own ethical code of conduct and any therapist registered with them must follow these regulations.

EAPs themselves will also have their own confidentiality measures in place. In its latest guidance, the UK Employee Assistance Professionals Association (EAPA) advises that there are two requirements when it comes to EAP confidentiality and data protection:

  • Have a clear confidentiality statement
  • Adhere to UK Data Protection legislation

They then go on to outline some of the minimum confidentiality and data protection requirements for any EAPs that are members of the organisation:

  • An EAP must explain confidentiality and its boundaries to purchasers.
  • An EAP must have a written statement which fully informs service users about their rights regarding the scope and limitations of confidentiality. This statement shall be communicated and made available to every service user before assistance is offered. In the case of telephone or online counselling it will be expected that the statement will be read out or typed out and verbally agreed or agreed to online by the service user. A copy will be sent by email if requested by the service user.
  • Every employee of an EAP must personally contract to a confidentiality agreement.
  • An EAP must protect service user information from disclosure with appropriate levels of security.

Generally, information shared with an EAP counsellor cannot be shared with anyone, including supervisors or other employees, without your employee’s written consent.

The different levels of EAP confidentiality

As we’ve established, EAPs are generally confidential: they have to be in order to work. But as we thought about it more at Spill HQ, we realised there were actually three different levels to this confidentiality worth being aware of. 

Confidentiality when contacting the EAP

Before any kind of EAP counselling or advice can be given, your employee has to actually contact the EAP. If they have the contact details right in front of them, it’s easy: they can initiate contact and no one else in the company, at home, or in the pub will be any the wiser.

But, and it's a big but, what if your employee doesn’t know how to get in touch with or use your EAP?

Well, that leaves them with pretty much three options:

  1. They decide they don’t need support after all.
  2. They turn to an external source of help, which will cost them money and mean your EAP goes unused.
  3. They ask someone in the company for the EAP contact details. 

And if they select option #3, their use of the EAP is immediately no longer confidential. 

It doesn’t matter if they don’t mind having to ask: someone else may feel differently and choose not to seek support as a result. In our minds, this shouldn’t even be an option because every step of the EAP support process should be confidential. And to do that, you need to make sure every single person in your company knows how to use your EAP and how to contact them. This promotion of your EAP is really important and not just in the early stages of introducing it. Consider designing posters and leaflets to leave around the office, making an internal company EAP information page, or sending a regular employee wellbeing newsletter — and make sure these always include your EAP’s contact details.

Confidentiality when using the EAP’s services

Once your employee is engaging with the EAP, it’s completely confidential. 

It doesn’t matter whether your employee is receiving counselling, getting advice from another professional, or using the self-help resources: their activity remains private. This is so important for your team to understand because, without this level of EAP privacy, no one would want to get support.

Confidentiality when taking part in EAP counselling sessions

Lastly, there are a few occasions when EAP confidentiality needs to be broken.

🫶 When there is a risk of harm to the individual or others

If the EAP counsellor has concerns about the safety of their client or those around them, they will need to safeguard the individual or others from serious harm. And to do this, they will need to break confidentiality, which could mean contacting the individual’s GP or the emergency services. It’s worth noting that a doctor is not legally obligated to tell an employer if they received someone into their care for safeguarding reasons. This also includes any situations where there is suspicion of abuse of a child or older person, or discussions involving murder, terrorism, rape, and kidnapping. Should this happen, the counsellor will do their best to respect their client’s confidences that do not need to be overridden to prevent serious harm.

📊 When collecting usage data

A tricky one, this really falls between confidential and not confidential. Some EAP providers may share usage data with you so that you can see if the EAP is being used, how often, and in some cases, trends in the themes that people approach the EAP about. For example, you might find out that seven people spoke about anxiety or five people accessed resources about burnout. If more people than usual are looking for burnout support, it might signal a wider problem that needs addressing.

Employees who use the EAP are kept anonymous, as are the specific details of their situations and conversations with the EAP, but it’s really important that your team know:

  1. This data is being shared
  2. Why it's being shared and what you do with it
  3. The specifics of the privacy of this data

What information does an EAP hold?

While EAPs won’t share your employees’ personal information with you (the employer), they will have information about your employees. This is why every employee at an EAP must sign a confidentiality agreement and access to your employees’ records is limited to authorised EAP professionals only.

The exact information an EAP holds will vary depending on why someone has been in touch: if they are looking for support around alcohol consumption, the EAP may hold information on their alcohol intake or other lifestyle factors. This is known as sensitive or special information, and can include financial, transaction, lifestyle, health, genetic, and biometric information.

Here’s an example overview of the kinds of personal information an EAP might collect and why. Ask your chosen EAP provider for a similar list so that you and your team are fully aware of the personal and sensitive information they will collect.

| Categories of personal information | Types of information collected | How it's used |
|---|---|---|
| Identity information | Name, username, marital status, date of birth, reported gender | 👋 To confirm who you are; 💬 To communicate with you; 👨‍💻 To create your account |
| Contact information | Billing address, postal address, email address, telephone number | 👋 To communicate with you; 📣 To share news; 👨‍💻 To create your account |
| Interaction information | Telephone recordings and transcripts, records of communication | 📚 For staff training; 📝 To keep a record of your contact; 💙 To give you the support you need; 💬 To communicate with you; 🔨 To improve your experience |
| Digital interaction information | Geolocation data, IP address, login data, browser type, time zone, location, operating system | 🤝 To personalise your experience; 🚨 To update you on connection issues; 📈 To see how the EAP is doing; 🔨 To improve the product |

EAP data: what can employers access?

Following on from the section above, but in a bit more detail: it’s important you’re absolutely clear on what data you, as the employer or admin of the provider, can access when it comes to EAP usage in the company. Be sure to get clarification on this when you speak to potential providers and, once your company gets its EAP, tell your team what you can and can’t see.

While the general rule is that EAPs maintain strict confidentiality, they can share limited, non-identifying data with the admin of the account. As usual, the specifics of this will vary depending on the EAP and your agreement with them, but this can include:

  • How the EAP is being used by your team, such as how many people are accessing the EAP, the types of issues being raised, and overall satisfaction of the programme.
  • Recommendations based on the usage data to help you improve workplace wellbeing, policies, or training programmes.
  • Critical incident reporting, for example if an employee poses an immediate threat to themselves or others. In these rare cases, the EAP may need to report this information to you, the employer, but also appropriate authorities to safeguard against serious harm.

How to prioritise EAP confidentiality

If you’re setting up an EAP for the first time or reviewing your existing one, here are three steps to keep in mind when it comes to the confidentiality and privacy of your provider. 

👃 Be nosey

In our experience, a lot of EAP providers share limited information on their websites. So, start digging! Most providers will have a privacy policy that details what data they collect, why, and how it’s used. Read it through and note down any questions. To find out more, you’ll generally have to book a call to speak to the provider’s sales team: be sure to ask them detailed questions about their EAP’s confidentiality.

👓 Be thorough

Once you’ve chosen an EAP provider for your company, take the time to thoroughly read your contract with them. They’ll have included detailed information about their confidentiality and privacy policies: review it carefully and don’t hold back if you have any questions. It’s best to ask now and iron out all the kinks before you sign on the dotted line.

🗣️ Be honest

During and after the setup of your new service, speak honestly with your team about their new EAP’s confidentiality. Make sure everyone understands when the EAP is and isn’t confidential, and give them a chance to ask questions. Some providers might ask employees to sign a confidentiality agreement before getting support, such as before a counselling session. Find out the process and communicate this with your team as well: the last thing anyone needs is to be caught off guard when they’re trying to seek help.

Confidentiality at Spill

Here at Spill, we give your team access to quality corporate therapy. Our therapists are all fully qualified, registered with the BACP or NCS, and have a minimum of 200 clinical hours. You can choose to give therapy access to just the employees who need it or cover the whole team, and sessions are available within 24 hours of first contact.

Employees can get support either via a 50-minute virtual therapy session or use our ‘Ask a therapist’ feature for message-based help. Spill is fully secure and all therapy sessions are confidential. Video therapy sessions are end-to-end encrypted and all messages to and from therapists are fully secure: they can only be unlocked and viewed by the user receiving them.

A 5-star Trustpilot review for Spill saying "Great therapist and confidential service. Customer support is also super quick to respond. I'm lucky that my work pays for access, every workplace should."

Confidentiality on the Spill Starter Plan

Our Starter Plan lets you offer therapy to a certain number of employees on a pay-as-you-go basis. The admin of the account sends therapy booking links to chosen employees and we only charge you for sessions that are used.

In terms of privacy, the admin of your account with Spill can see who has used therapy but they will never know what’s been discussed in the sessions or shared via message. Apart from sessions attended, you will only be able to see information that employees specifically opt in to sharing, like feedback comments and mood scores.

Confidentiality on the Spill Team Plan

The Team Plan means everyone at the company can benefit from Spill therapy. Your team will access Spill via a Slack or Microsoft Teams integration, but all therapy sessions and messages take place separately to keep them away from work systems.

The admin of your account with Spill can see the number of people who have used the Spill app, but no one at the company will know who has or hasn’t accessed therapy, or be able to read any personal messages. Apart from anonymous usage data, your company will only see information that employees again choose to share, like feedback comments and mood scores.

| | EAPs | Spill Starter Plan | Spill Team Plan |
|---|---|---|---|
| Confidentiality when contacting the provider | ✅ / ❌ 👉 Depends on whether an individual knows the EAP's contact details | 👉 The Spill admin at your company will send therapy booking links to specific individuals | |
| Confidentiality when using the provider's services | | | |
| Confidentiality when taking part in therapy sessions | 👉 Unless there are safeguarding concerns | 👉 Unless there are safeguarding concerns | 👉 Unless there are safeguarding concerns |

Understanding the ins and outs of confidentiality and data protection is never the most thrilling of tasks, but it really is so important — especially when your team’s mental health is concerned. And remember, it’s as much about understanding EAP confidentiality as it is communicating clearly to your team so that they feel safe, secure, and comfortable to seek help when they really need it.

In the difficult moments, that really can make all the difference 👇

A five-star Trustpilot review saying "Life can be difficult and there are circumstances you don't feel comfortable chatting about with friends, family, or colleagues. Spill is filling that gap."