Can you access or share another psychologist’s records within the same practice? And what are the limitations around discussing client information in a supervision session? APS's new practice guidelines outline necessary information for psychologists.
From 1 December 2025, psychologists must adhere to the Psychology Board of Australia’s Code of conduct, which will replace the APS Code of Ethics as the profession’s regulatory standard.
This shift reflects a national move toward unified standards across all regulated health professions. While the APS Code of Ethics will be retired, its core principles continue to inform the new Code of conduct.
To support this transition, the APS is releasing a series of professional practice guidelines. Designed specifically for members, these guidelines provide practical direction for applying the new Code of conduct across diverse settings.
"We see this as an important opportunity to strengthen the profession. These guidelines are designed to support psychologists with practical, real-world advice grounded in our shared ethical foundations," says Dr Zena Burgess, CEO, APS.
The APS has recently released the first two guidelines, covering confidentiality and record keeping. These guidelines offer clarity, nuance and contemporary examples for issues psychologists navigate every day. More practice guidelines will be released over the coming months, spanning topics from informed consent to working with clients at risk of suicide.
Below is a high-level summary of key information from the first two published guidelines. Members are encouraged to read the full documents to ensure a complete understanding of their responsibilities and the nuanced guidance provided.
1. Is confidentiality absolute in psychological practice?
No – and it’s critical psychologists are clear about this from the outset of service provision. While confidentiality is foundational to building trust and therapeutic safety, it is not unlimited.
The guidelines identify three types of disclosure:
-
Legally obligated disclosure, such as mandatory reporting of abuse or responding to a subpoena (See APS's resource on managing legal requests for client files, subpoenas, and third party requests).
-
Allowable disclosure, for example, when a psychologist reasonably believes disclosure is necessary to prevent serious harm to a client or others.
In such situations, professional judgement is required to weigh up the need to maintain confidentiality against the need for safety, while assessing the likely extent of risk and harm. A comprehensive risk assessment will support this decision-making process.
(Keep an eye out for our upcoming professional practice guidelines on reporting abuse, neglect and criminal activity; and another on working with clients when there is a risk of suicide. Both will shortly be available here).
-
Contractual disclosure, such as obligations to third-party payers like Medicare. For example, when providing services under Medicare, you are obliged to send the referring GP a brief summary report about the treatment after a designated number of sessions. Ensure clients are aware of and consent to this requirement.
Psychologists must communicate these limits to clients (and guardians or associated parties where relevant) in plain language, and confirm understanding before commencing treatment.
2. How should I respond to third-party requests for client information?
All requests must be carefully assessed for validity. If disclosure is being made with client consent, check that consent is:
- Contemporaneous (i.e. recently provided, not from intake months ago)
- Informed (clients understand what will be shared, with whom, and how)
- Documented (preferably in writing, but verbal consent can be recorded in notes)
If you're unsure, seek legal advice or supervision – especially when third-party interests might conflict with the client’s wellbeing.
3. What do I need to be mindful of when working in a team?
Breaches can occur inadvertently when psychologists share physical space with other professionals (e.g. teachers, case workers, carers).
Information obtained in one context can only be shared in another with client consent. This includes multi-disciplinary team discussion or conversations with associated parties like teachers, carers or case workers.
4. What do I need to include in a consent process related to information sharing?
Informed consent must go beyond a signature on a form. The guidelines recommend covering:
- What kind of information will be collected
- How it will be used, stored and shared
- Who will have access to it, and under what conditions
- How clients can withdraw consent and what this means in practice
When consent is required for recording sessions, using third-party platforms, or engaging in peer consultation, psychologists must document the process and revisit it regularly, especially when circumstances change.
5. What confidentiality factors do I need to consider when working with children or young people?
When it comes to determining the child’s capacity to consent, psychologists must weigh up factors such as age, developmental level, family involvement and risk of harm.
The guidelines encourage clinicians to proactively clarify limits to confidentiality with both the child and their legal guardians.
6. Can I discuss client cases during supervision or training if the information is de-identified?
Yes, you can. But it’s not enough to simply remove names. The risk of re-identification remains if a client has a unique occupation, publicly known history or if sensitive information is shared within a small community.
Best practice involves obtaining informed consent for case discussion during supervision or peer consultation. Even when clients can’t be directly identified, psychologists must protect their privacy and seek written consent when sessions are recorded or transcribed for training.
7. When can I access or share another psychologist’s records within the same practice?
Only when you're directly providing a service to the client and have authorisation through informed consent. Shared practice management systems don’t override ethical and legal obligations.
This applies not just to psychologists, but to admin staff, students and other professionals in multidisciplinary teams. All staff must adhere to client confidentiality.
8. How do I safely manage records when closing or relocating my practice?
When winding down a practice, psychologists must make plans for secure storage, transfer or destruction of client records in accordance with local privacy legislation.
This includes communicating with former clients (or publicising changes where direct contact isn't possible) and remaining contactable for the period that you retain records.
9. Do I need a privacy policy in solo or small private practice?
All practices require a privacy policy – business size doesn't change this. The Privacy Act 1988 and Australian Privacy Principles require any health practitioner collecting personal or sensitive information to have a privacy policy.
This must outline how client data is collected, stored, used and disclosed – and must be available to all clients. If you use AI tools, mailing lists or digital platforms, ensure your policy reflects these technologies and you obtain informed consent for their use.
Learning opportunity: Cyber security, privacy, and data protection.
10. What are my obligations in the event of a data breach?
Psychologists must be familiar with the Notifiable Data Breach scheme under the Privacy Act. If personal information is accessed without authorisation – whether through cyber attack, theft, human error, or system failure – you may need to notify both the client and the Office of the Australian Information Commissioner (OAIC).
A prompt and transparent response includes assessing risk, containing the breach, and taking corrective action. Ensure your practice systems are designed to protect confidentiality at all times, including communication tools, backup storage and digital security settings.
Learning opportunities: Cyber security for psychologists (CPD approved).
Cybersecurity essentials for Australian psychologists: Protecting patient privacy in a digital world CPD approved).
Want to go deeper?
These new guidelines on confidentiality and record keeping are part of a larger series designed to help psychologists deliver ethical, evidence-informed services across all settings.
Forthcoming topics include setting and adhering to boundaries and multiple relationships, working with clients at risk of suicide, gaining informed consent, and more.
“This is about equipping members for the realities of modern psychology," says Dr Burgess.
“We’re committed to supporting members at every stage of this transition. Each guideline is designed to be more than a reference. They are tools for ethical, effective decision-making in a real-world context.”
Download the full guidelines via: