(1) A
licensee, registrant, or certificate holder shall not disclose, without the consent of
the client, any confidential communications made by the client, or advice given to
the client, in the course of professional employment. A licensee's, registrant's, or
certificate holder's employee or associate, whether clerical or professional, shall
not disclose any knowledge of the communications acquired in that capacity. Any
person who has participated in any therapy conducted under the supervision of a
licensee, registrant, or certificate holder, including group therapy sessions, shall
not disclose any knowledge gained during the course of the therapy without the
consent of the person to whom the knowledge relates.
(2) Subsection (1) of this section does not apply and a licensee, registrant, or
certificate holder may disclose confidential information when:
(a) A client, or the heirs, executors, or administrators of a client, file suit or a
complaint against a licensee, registrant, or certificate holder on any cause of action
arising out of or connected with the care or treatment of the client by the licensee,
registrant, or certificate holder;
(b) A licensee, registrant, or certificate holder was in consultation with a
physician, registered professional nurse, certified midwife, licensee, registrant, or
certificate holder against whom a suit or complaint was filed based on the case out
of which the suit or complaint arises;
(c) A review of services of a licensee, registrant, or certificate holder is
conducted by any of the following:
(I) A board or a person or group authorized by the board to make an
investigation on its behalf;
(II) The governing board of a hospital licensed pursuant to part 1 of article 3
of title 25, where the licensee, registrant, or certificate holder practices or the
medical staff of the hospital if the medical staff operates pursuant to written
bylaws approved by the governing board of the hospital; or
(III) A professional review committee established pursuant to section 12-245-212 (1) if the person has signed a release authorizing the review;
(d) (I) A client, regardless of age:
(A) Makes an articulable and significant threat against an individual or
themself or makes an articulable and significant threat that, if carried out, would
result in harm to an individual or themself; or
(B) Exhibits behaviors that, in the reasonable judgment of the licensee,
registrant, or certificate holder, create an articulable and significant threat to the
health or safety of an individual or themself.
(II) A licensee, registrant, or certificate holder who discloses information
under this subsection (2)(d) shall limit the disclosure to appropriate school or school
district personnel, law enforcement agencies, and the individual who is the subject
of the threat. School or school district personnel to whom the information is
disclosed shall maintain confidentiality of the disclosed information, regardless of
whether the information constitutes an education record subject to FERPA,
consistent with the requirements of FERPA and regulations and applicable
guidelines adopted under FERPA, but may disclose information in accordance with
section 1232g (b)(1) of FERPA and 34 CFR 99.36 if necessary to protect the health
or safety of students or other persons.
(III) A licensee, registrant, or certificate holder who discloses or fails to
disclose a confidential communication with a client in accordance with this
subsection (2)(d) is not liable for damages in any civil action for disclosing or not
disclosing the communication. This subsection (2)(d)(III) does not rescind any
statutory duty to warn and protect specified in, and does not eliminate any potential
civil liability for failure to comply with, section 13-21-117.
(IV) (A) This subsection (2)(d) does not apply to an education record that,
under FERPA, is exempt from the HIPAA privacy rule.
(B) This subsection (2)(d) applies to covered entities, as defined in HIPAA.
(V) As used in this subsection (2)(d):
(A) Articulable and significant threat means a threat to the health or safety
of a person that, based on the totality of the circumstances, can be explained or
articulated and that constitutes a threat of substantial bodily harm to a person.
(B) FERPA means the federal Family Educational Rights and Privacy Act
of 1974, 20 U.S.C. sec. 1232g, as amended.
(C) HIPAA means the federal Health Insurance Portability and
Accountability Act of 1996, as amended, Pub.L. 104-191.
(D) School means a public or private preschool; elementary, middle, junior
high, or high school; or institution of postsecondary education described in title 23,
including the Auraria higher education center created in article 70 of title 23.
(3) The records and information produced and used in the review provided
for in subsection (2)(c) of this section do not become public records solely by virtue
of the use of the records and information. The identity of a client whose records are
reviewed shall not be disclosed to any person not directly involved in the review
process, and procedures shall be adopted by a board, hospital, association, or
society to ensure that the identity of the client is concealed during the review
process itself and to comply with section 12-245-226 (4).
(4) Subsection (1) of this section shall not apply to any delinquency or
criminal proceeding, except as provided in section 13-90-107 regarding any
delinquency or criminal proceeding involving a licensed psychologist.
(5) Nothing in this section shall be deemed to prohibit any other disclosures
required by law.
(6) Repealed.