Are employee assistance programmes (EAPs) confidential?

Are EAPs confidential?

‍

The short and longer answers here are both yes, EAPs are confidential.

‍

The details of your employees’ (or even your own!) interactions with the EAP will never get back to anyone in the company. No one even needs to know that the EAP has been contacted by a particular individual (bar one important barrier to contact, which we talk about later). When someone first contacts an EAP, they may have to give the name of their company but that’s just so the EAP knows which support they can get.

‍

Most people tend to use EAPs for the counselling services, so that’s what we’re going to focus on here when it comes to looking at confidentiality. 

‍

The titles therapist, counsellor, or psychotherapist in the UK are uncharted, meaning that technically, anyone can say they are one of these things. That’s why we at Spill, and many EAPs, only use therapists who are fully qualified (that’s a given) and registered with member organisations like the British Association for Counselling and Psychotherapy (BACP), National Counselling Society (NCS), or equivalent. Each of these associations set out their own ethical code of conduct and any therapist registered with them must follow these regulations. 

‍

EAPs themselves will also have their own confidentiality measures in place. In its latest guidance, the UK Employee Assistance Professionals Association (EAPA) advises that there are two requirements when it comes to EAP confidentiality and data protection:

• Have a clear confidentiality statement
• Adhere to UK Data Protection legislation

‍

They then go on to outline some of the minimum confidentiality and data protection requirements for any EAPs that are members of the organisation:

• An EAP must explain confidentiality and its boundaries to purchasers.
• An EAP must have a written statement which fully informs service users about their rights regarding the scope and limitations of confidentiality. This statement shall be communicated and made available to every service user before assistance is offered. In the case of telephone or online counselling it will be expected that the statement will be read out or typed out and verbally agreed or agreed to online by the service user. A copy will be sent by email if requested by the service user.
• Every employee of an EAP must personally contract to a confidentiality agreement.
• An EAP must protect service user information from disclosure with appropriate levels of security.

‍

Generally, information shared with an EAP counsellor cannot be shared with anyone, including supervisors or other employees, without your employee’s written consent.

‍

The different levels of EAP confidentiality

As we’ve established, EAPs are generally confidential: they have to be in order to work. But as we thought about it more at Spill HQ, we realised there were actually three different levels to this confidentiality worth being aware of. 

‍

Confidentiality when contacting the EAP

Before any kind of EAP counselling or advice can be given, your employee has to actually contact the EAP. If they have the contact details right in front of them, it’s easy: they can initiate contact and no one else in the company, at home, or in the pub will be none the wiser. 

‍

But, and it's a big but, what if your employee doesn’t know how to get in touch with or use your EAP?

‍

Well, that leaves them with pretty much three options:

1. They decide they don’t need support after all.
2. They turn to an external source of help, which will cost them money and mean your EAP goes unused.
3. They ask someone in the company for the EAP contact details. 

‍

And if they select option #3, their use of the EAP is immediately no longer confidential. 

‍

It doesn’t matter if they don’t mind having to ask: someone else may feel differently and choose not to seek support as a result. In our minds, this shouldn’t even be an option because every step of the EAP support process should be confidential. And to do that, you need to make sure every single person in your company knows how to use your EAP and how to contact them. This promotion of your EAP is really important and not just in the early stages of introducing it. Consider designing posters and leaflets to leave around the office, making an internal company EAP information page, or sending a regular employee wellbeing newsletter — and make sure these always include your EAP’s contact details.

‍

Confidentiality when using the EAP’s services

Once your employee is engaging with the EAP, it’s completely confidential. 

‍

It doesn’t matter whether your employee is receiving counselling, getting advice from another professional, or using the self-help resources, their activity remains private. And this is so important for your team to understand as without this level of EAP privacy, no one would want to get support.

‍

Confidentiality when taking part in EAP counselling sessions

Lastly, there are a few occasions when EAP confidentiality needs to be broken.

‍

🫶 When there is a risk of harm to the individual or others

If the EAP counsellor has concerns about their client’s safety to either themselves or those around them, they will need to safeguard the individual or others from serious harm. And to do this, they will need to break confidentiality, which could mean contacting the individual’s GP or the emergency services. It’s worth noting that a doctor is not legally obligated to tell an employer if they received someone into their care for safeguarding reasons. This also includes any situations where there is suspicion of abuse to a child or older person, or discussions involving murder, terrorism, rape, and kidnapping. Should this happen, the counsellor will do their best to respect their client’s confidences that do not need to be overridden to prevent serious harm.

‍

📊 When collecting usage data

A tricky one, this really falls between confidential and not confidential. Some EAP providers may share usage data with you so that you can see if the EAP is being used, how often, and in some cases, trends in the themes that people approach the EAP about. For example, you might find out that seven spoke about anxiety or five people accessed resources about burnout. If more people than usual are looking for burnout support, it might signal a wider problem that needs addressing. 

‍

Employees who use the EAP are kept anonymous, as are the specific details of their situations and conversations with the EAP, but it’s really important that your team know:

1. This data is being shared
2. Why it's being shared and what you do with it
3. The specifics of the privacy of this data

What information does an EAP hold?

‍

While EAPs won’t share your employees personal information with you (the employer) they will have information about your employees. This is why every employee at an EAP must sign a confidentiality agreement and access to your employees’ records is limited to authorised EAP professionals only.

‍

The exact information an EAP holds will vary depending on why someone has been in touch: if they are looking for support around alcohol consumption, the EAP may hold information on their alcohol intake or other lifestyle factors. This is known as sensitive or special information, and can include financial, transaction, lifestyle, health, genetic, and biometric information.

‍

Here’s an example overview of the kinds of personal information an EAP might collect and why. Ask your chosen EAP provider for a similar list so that you and your team are fully aware of the personal and sensitive information they will collect.

‍

‍

EAP data: what can employers access?

‍

A follow on from the section above but in a bit more detail, it’s important you’re absolutely clear on what data you, as the employer or admin of the provider, can access when it comes to EAP usage in the company. Be sure to get clarification on this when you speak to potential providers and once your company gets its EAP, tell your team what you can and can’t see.

‍

While the general rule is that EAPs maintain strict confidentiality, they can share limited, non-identifying data with the admin of the account. As usual, the specifics of this will vary depending on the EAP and your agreement with them, but this can include:

• How the EAP is being used by your team, such as how many people are accessing the EAP, the types of issues being raised, and overall satisfaction of the programme.
• Recommendations based on the usage data to help you improve workplace wellbeing, policies, or training programmes.
• Critical incident reporting, for example if an employee poses an immediate threat to themselves or others. In these rare cases, the EAP may need to report this information to you, the employer, but also appropriate authorities to safeguard against serious harm.

‍

How to prioritise EAP confidentiality

‍

If you’re setting up an EAP for the first time or reviewing your existing one, here are three steps to keep in mind when it comes to the confidentiality and privacy of your provider. 

‍

👃Be nosey

In our experience, a lot of EAP providers share limited information on their websites. So, start digging! Most providers will have a privacy policy that details what data they collect, why, and how it’s used. Read it through and note down any questions. To find out more, you’ll generally have to book a call to speak to the provider’s sales team: be sure to ask them detailed questions about their EAP’s confidentiality.

‍

👓 Be thorough

Once you’ve chosen an EAP provider for your company, take the time to thoroughly read your contract with them. They’ll have included detailed information about their confidentiality and privacy policies: review it carefully and don’t hold back if you have any questions. It’s best to ask now and iron out all the kinks before you sign the dotted line. 

‍

🗣️ Be honest

During and after the setup of your new service, speak honestly with your team about their new EAP’s confidentiality. Make sure everyone understands when the EAP is and isn’t confidential, and give them a chance to ask questions. Some providers might ask employees to sign a confidentiality agreement before getting support, such as before a counselling session. Find out the process and communicate this with your team as well: the last thing anyone needs is to be caught off guard when they’re trying to seek help.

Confidentiality at Spill

‍

Here at Spill, we give your team access to quality corporate therapy. Our therapists are all fully qualified, registered with the BACP or NCS, and have a minimum of 200 clinical hours. You can choose to give therapy access to just the employees who need it or cover the whole team, and sessions are available within 24 hours of first contact.

‍

Employees can get support either via a 50-minute virtual therapy session or use our ‘Ask a therapist’ feature for message-based help. Spill is fully secure and all therapy sessions are confidential. Video therapy sessions are end-to-end encrypted and all messages to and from therapists are fully secure: they can only be unlocked and viewed by the user receiving them.

‍

‍

Confidentiality on the Spill Starter Plan

Our Starter Plan lets you offer therapy to a certain number of employees on a pay-as-you-go basis. The admin of the account sends therapy booking links to chosen employees and we only charge you for sessions that are used.

‍

In terms of privacy, the admin of your account with Spill can see who has used therapy but they will never know what’s been discussed in the sessions or shared via message. Apart from sessions attended, you will only be able to see information that employees specifically opt in to sharing, like feedback comments and mood scores.

‍

Confidentiality on the Spill Team Plan

The Team Plan means everyone at the company can benefit from Spill therapy. Your team will access Spill via a Slack or Microsoft Teams integration, but all therapy sessions and messages take place separately to keep them away from work systems.

‍

The admin of your account with Spill can see the number of people who have used the Spill app, but no one at the company will know who has or hasn’t accessed therapy, or be able to read any personal messages. Apart from anonymous usage data, your company will only see information that employees again choose to share, like feedback comments and mood scores.

‍

‍

Understanding the ins and outs of confidentiality and data protection is never the most thrilling of tasks, but it really is so important — especially when your team’s mental health is concerned. And remember, it’s as much about understanding EAP confidentiality as it is communicating clearly to your team so that they feel safe, secure, and comfortable to seek help when they really need it.

‍

In the difficult moments, that really can make all the difference 👇

‍