Pastoral Confidentiality: An Ethical and Legal Responsibility
The pastor’s obligation to maintain confidentiality is not only a moral obligation, but also often a legal one.
By David O. Middlebrook
Confidentiality places a duty on clergy not to disclose information shared with them in private. Confidentiality is also the ethical and often legal responsibility to safeguard congregation members from unauthorized disclosures of information given in the context of a confidential pastor-parishioner relationship. Historically, pastors have had only a moral obligation to maintain the confidentiality of information given to them by congregation members. In recent years, however, people have brought an increased number of lawsuits against pastors for invasion of privacy and other tort claims arising out of the disclosure of confidential information by a pastor or other church official. The result of these suits has brought recognition that the obligation to maintain confidentiality is not only a moral obligation, but also often a legal one. This article will focus on pastoral confidentiality as it applies in a variety of church settings.
Church Board Confidentiality
In most legal relationships or transactions, we deal with one another with what the law generally calls an “arms-length” status. This means we have no special duty or requirement to protect the other person or warn him if he is about to engage in conduct that is unwise or not in his best interests. In certain situations, however, the law does require a higher standard of conduct. We refer to such situations as having a fiduciary duty. Officers and directors of a corporation, including a nonprofit corporation such as a church or ministry, also owe a fiduciary duty to that corporation.
So what is fiduciary duty? It is the duty to act in the best interests of the church even if doing so may not be in the best personal interests of that officer or director. Fiduciary duties include the duty of loyalty. Within this duty of loyalty is the responsibility to maintain confidentiality. This means the director needs to hold all information he learns by virtue of his position on the board of directors in confidence. A director should not disclose information regarding church affairs unless the church has already made a public disclosure or the public already commonly knows this information. This is especially important in the case of financial information and future plans of the church.
One specific example of why it is important for board members to always maintain their fiduciary duties, particularly the duty of loyalty, is because from time to time board members may receive information that is protectable under the attorney-client privilege. The courts will waive the protections available to preserve these confidential communications if a board member discloses them outside a proper venue.
Breaches of the duty of loyalty can result in personal liability for directors, although some states have legislatively limited the liability of volunteer directors in some circumstances. Some organizations have Directors and Officers Liability Insurance that may protect directors from personal financial liability in certain situations.
Most courts view whether or not a pastor or board member violated fiduciary duty based on the individual facts and circumstances of each case. They will judge a church officer’s conduct on what an ordinary and prudent officer would have done (or not done) under similar circumstances.
HIPAA and Confidentiality
The Health Insurance Portability and Accountability Act (HIPAA) creates nationwide standards related to the collection, retention, and uses of employees’ health information. The basic idea behind HIPAA is that employers may not use or disclose an employee’s private health information without the employee’s written consent except for certain narrowly defined purposes generally related to treatment, payment, and health operations.
Does your church have to comply with HIPAA? The answer, a favorite of lawyers everywhere, is, “It depends.” The area where this issue tends to come up is with administration of the church’s health plan. Churches that self-administer health plans and have over 50 participants are subject to the privacy-protection rules of HIPAA.
Churches that are subject to HIPAA will need to create, document, and implement a privacy plan to ensure they keep employees’ private medical information confidential. This written plan needs to include designation of a certain employee as the plan’s “Privacy Official” to administer the plan, creation of a privacy-training program, and creation of internal guidelines and procedures to ensure that they protect private health information by making sure no unauthorized persons see it. The plan should also include documenting authorized uses for the information, creating an inspection and copying process, creating a record-keeping procedure, creating notices regarding information practices, and having a complaint process. The law has specific requirements in each area. Some churches may decide the costs and risks associated with administering their own plan are not in the organization’s best interests and obtain a fully insured plan administered by third parties.
As a general proposition, the church should be careful that the designated privacy official is not involved in hiring, firing, promoting, or demoting fellow employees. Imagine a situation where the privacy official, acting also as the church’s human resources director, decides not to promote an employee from assistant business manager to the controller position, or is the person who advises the employee of this decision. Imagine further that this employee knows this same privacy official just finished processing the employee’s claim for health benefits related to a heart condition. If the employee were to conclude that the church denied the promotion for fear the increased demands of the new position might cause the employee to suffer a heart attack, that employee might make a claim to the government for violation of HIPAA.
HIPAA does not provide for a private lawsuit remedy, but it does allow for someone to lodge a complaint that would initiate a government investigation. Anyone, not just the employee who alleges his employer violated his privacy, can initiate a complaint. In addition, the government, on its own initiative, may initiate an investigation without a complaint, picking the church to be investigated at random if it desires.
Upon launching an investigation, the government will want to inspect the church’s written HIPAA plan. The church must maintain HIPAA records for 6 years either in written or electronic form. Also, while a HIPAA violation may not allow for the filing of a private lawsuit, a person could use HIPAA regulations as the basis for a private lawsuit alleging other claims such as invasion of privacy or another civil violation.
So what about churches that do not self-administer their own health plans? Employers, as a general rule, are not considered to be covered under the HIPAA requirements. The real key, though, is what uses the church makes of employee health information. At the least, the church should conduct an internal review of its access to or use of health information and create a memorandum detailing that review and any conclusions reached (such as that the church does not make use of employee’s private health information and therefore does not have need to create a HIPAA plan). If the church is in any way involved in collecting or giving out health information — such as a church that has a fully insured health plan but that fulfills some administrative functions or monitors benefit utilization — then it needs to think about HIPAA regulations.
Many churches wonder whether HIPAA prohibits them from discussing a congregant’s health issues with other members. For instance, if a member is in the hospital, is the church permitted to list the member in the prayer request section of the church bulletin? HIPAA does not prohibit this type of disclosure. The church, however, needs to consider the purpose behind HIPAA before it or its ministers divulge information regarding a member’s health-related issues. Simply put, the purpose of HIPAA is to give an individual protected right over his health information and set rules on who can look at and receive his health information. So before you discuss a congregant’s health issues with other members, consider whether you have the congregant’s permission or whether the information is something that needs to remain confidential. Rule of thumb: Keep the information confidential unless the individual or immediate family gives you permission to share.
The clergy-penitent privilege is the legal mechanism that prevents clergy or counselors from being required to disclose confidential communications in a court proceeding. This privilege belongs to the person who disclosed the information and is designed for his protection, rather than for the protection of the clergy.
One important exception to the privilege rule deals with the issue of suits affecting the parent-child relationship. In mental health counseling, it may be possible to uncover information that concerns a child and that is the subject of a pending lawsuit. This exception makes it critical for a church that provides counseling services to distinguish what type of services it is providing and to understand the difference it makes to the congregation.
If the counseling is pastoral or spiritual counseling only, in many states the only exception for divulging information is for reporting child abuse. If the counseling is mental health counseling, lawyers can argue that the exceptions of the mental health privilege would apply, and the court could compel the counselor to divulge the information in a suit involving a parent-child relationship. Failure to differentiate between these could give rise to liability on the part of the church and the counselor, for example, based on the lack of informed consent, if the pastor/counselor inaccurately led the person he was counseling to believe that nothing he tells the pastor/counselor can ever be revealed.
Another situation in which the privilege would not apply is when the individual or someone authorized to act on his behalf signs a written waiver of the right to the privilege or confidentiality. This eliminates the privilege and the information is subject to disclosure. If a parishioner waives this privilege, the pastor has no legal grounds for withholding the information and must disclose it upon proper request.
A recent Washington state case regarding confessions made by a church member to a pastor dealt with the issue of waivers. The congregant made certain confessions to his pastor regarding a murder in which he had been involved. The pastor discussed it with two colleagues. At the church member’s trial, the court attempted to compel the pastor to testify regarding the confessions. When the pastor refused, stating they were confidential, the judge held him in contempt of court. The prosecutor argued the communications were no longer privileged because the pastor had waived the privilege by talking to others about the conversations. The court ruled that, while the pastor broke the rules regarding the confidentiality of the statements, the congregant’s rights regarding the privileged nature of the communications were still intact. Essentially, the court stated that only the communicant may waive his privilege. The acts of another unauthorized person may not act to waive the confidential nature of these special conversations.
Note that any waiver of the privilege that a pastor or counselor uses must be clear and specific, so the person understands that anything told to the pastor/counselor will not be kept confidential if requested by a third party. This does not change the confidential nature of the communication or records, but does prevent the counselor and the counselee from claiming these communications are “privileged.”
In summary, while each state’s privilege rules differ, every state has some form of privilege for communications made to a member of the clergy in the context of a confessional or penitential communication.
Child Abuse Reporting
All 50 states have enacted child-abuse laws that define responsibilities in protecting vulnerable children from abuse and neglect. Most state statutes define child abuse to include physical and emotional abuse, neglect, and sexual molestation. Some states now include parental substance abuse and abandonment within their definitions of child abuse. States ordinarily define a child as any person under age 18. Typically, individuals who may be reported for abuse or neglect include individuals who have some legal responsibility for the child, such as a parent, legal guardian, foster parent, or relative.
Every state has a statute that identifies persons who are under a legal duty to report abuse under specific circumstances. Whether members of the clergy are required to report suspected child abuse varies from state to state. Some states’ statutes include a list of mandatory reporters and define a mandatory reporter by occupation — doctor, nursery school workers, or nurses; or, the statute simply defines a mandatory reporter as “any person having a reasonable belief that child abuse has occurred.” If a pastor falls within the category of a mandatory reporter, the pastor must report actual or suspected instances of child abuse to the proper authorities. In contrast, other states’ statutes may provide that a pastor falls within the category of a permissive reporter, which means that the pastor may report cases of abuse, but he is not legally required to do so.
Pastors who are mandatory reporters of child abuse under state law face an ethical dilemma when they learn information about child abuse during a confidential counseling session. How should the pastor proceed? Should the pastor maintain the confidentiality of the privileged communication or should the pastor adhere to his legal responsibility to report the abuse to the proper designated authorities? The short answer is that the response will depend on the laws of the state where the pastor lives. Some states have attempted to resolve the conflict of mandatory reporting versus the clergy-penitent privilege by exempting clergy from the duty to report child abuse if the abuse was disclosed during counseling sessions. Other states have determined that any information protected by the clergy-penitent privilege is not admissible in a court proceeding.
Even though the reporting laws frequently recognize the clergy-penitent privilege, courts typically interpret this narrowly in the child abuse or neglect context. As a general rule, clergy should not assume they have no duty to report. Even if the clergy-penitent privilege is in effect in your particular state, it does not automatically excuse a failure to report. For instance, if the clergy learns of suspected abuse outside of the context of counseling or he does not obtain the information in confidence, then the clergy-penitent privilege could be held not to apply and the pastor could be liable for failure to report the suspected or actual abuse.
While persons who are legally required to report child abuse are subject to criminal prosecution for failure to do so, instances of actual criminal prosecution are rare. Some clergy, however, have been prosecuted for failing to file a report when they were in a mandatory reporting classification and they had reasonable cause to believe abuse had occurred. Criminal penalties for failing to file a report vary, but they typically involve short prison sentences and small fines.
Members of the clergy must know and understand their responsibility regarding the reporting requirements for child abuse. To find the specific reporting requirements for a particular state, visit: www.childwelfare.gov/systemwide/laws_policies/state/index.cfm. To report a claim of abuse or neglect, you can call the National Child Abuse Hotline at 800-4-A-CHILD or contact individual state hotlines, where available. To obtain the hotline number for a particular state, visit: http://capsli.org/hotlines.php.
Many clergy are concerned they could be sued for malpractice if they divulge confidential information about a congregant. To the question of whether people can sue clergy for malpractice, we give the answer of a qualified yes.
As a basic concept, clergy malpractice is related to a lack of professional skill and failure to exercise reasonable professional care directed against the claimant seeking such services. It is based on what the clergyman did or did not do as compared to what a reasonable and prudent clergyman would have done or not done under the same set of circumstances. While there may be a number of circumstances where the issue may arise, one of the recurring areas is within clergy privilege.
Most pastors understand that communications made to them by a person seeking spiritual help or guidance are confidential and privileged. All jurisdictions recognize this privilege and hold that a clergyman may not be compelled to disclose what a person divulged to him. Malpractice claims have been asserted for violating that privilege. One of the more common situations where people assert malpractice claims is in the pastoral counseling setting. For example, a spouse admits to his pastor during a counseling session that he is being unfaithful to his wife. The pastor then tells his staff and the information gets back to the other spouse.
Although there are a number of reported cases involving claims for clergy malpractice throughout the country each year — with some resulting in money damages being assessed against the clergyman and against the church — as a general rule, the courts are rejecting the idea that there is a cause of action for clergy malpractice, by that name. They find there is no law recognizing such a distinct claim and there is no fiduciary relationship between the pastor and the claimant, meaning the law does not require the pastor to exercise any greater care to the claimant than it would as to a stranger.
Some courts, however, are finding there is such a claim and there is a special or fiduciary relationship that requires the pastor to exercise reasonable care. The more common approach appears to be that the court does not recognize a claim for malpractice, but does allow other claims to proceed that are independent torts such as assault, defamation, misappropriation of funds, fraud, or any other crime or tort that might apply.
Whether your jurisdiction recognizes clergy malpractice is important because such conduct may or may not be covered under church insurance. Many policies make exclusions for intentional misconduct. In that case, the claimant may assert clergy malpractice and plead it as a negligent, and not intentional, action.
Does your jurisdiction recognize clergy malpractice and, if so, is it covered under the church’s insurance? What policies and procedures does your church have in place to remove or restrict the potential for such a claim? Many claims can be prevented with proper planning. Even if your church is ultimately found not liable for such malpractice, the loss in terms of money spent to defend the case, distraction and loss of purpose, and damage to reputation can be enormous and far-reaching.
Confidentiality is an important and recurring theme in the church world. Whether in the context of corporate boards of directors, HIPAA requirements, the clergy-penitent privilege, child abuse reporting, malpractice, or other areas, clergy members and churches need to be aware of the impact that the U.S. Constitution and/or the laws of their respective state have on their respective legal obligations of confidentiality.
Though there are certain circumstances under which a disclosure of confidential information is not only necessary, but is required, unauthorized disclosures of confidential information can give rise to liability; therefore, you must thoroughly explore and understand the specific parameters of your responsibility to disclose or not to disclose confidential information depending on a certain set of circumstances. If you are confronted with a difficult situation and are in doubt about whether or not the release of confidential information is appropriate, it is sensible and, in fact, advisable for you to consult with an attorney who may counsel you regarding these important subjects and who can provide you with advice that will help protect both you and your church.
DAVID O. MIDDLEBROOK, J.D., Grapevine, Texas, is a member of The Church Law Group. He is the author of The Guardian System, a comprehensive system for the prevention of child abuse within an organization, for which he was awarded a 2001 Evangelical Christian Publishers Association Gold Medallion book award in recognition of excellence in evangelical Christian literature. He coauthored Nonprofit Law for Religious Organizations: Essential Questions and Answers, a response to the need for guidance, direction, and clarification of legal and tax laws affecting churches and other religious organizations.