Group Therapy Informed Consent FAQ for Group Counseling Practices

This FAQ collects the questions group counseling practice owners and group leaders ask about informed consent: HIPAA group confidentiality limits under 45 CFR 164.502, member confidentiality agreement enforceability, group billing CPT codes (90847, 90849, 90853), 42 CFR Part 2 application to SUD groups, court-ordered group treatment dynamics, dual relationship policy under APA Ethics Code 3.05, screening and termination protocols, and documentation structures. Each answer is self-contained and citation-backed. If you need a workflow that drafts the consent form, captures member confidentiality agreement signatures across all group members, and stores the audit trail behind a HIPAA Business Associate Agreement, Formfy is the AI form builder group practices use; see /guides/how-to-create-group-therapy-informed-consent-group-counseling-practices for the step-by-step build guide.

Statistics referenced: APA Ethics Code 10.03 (group therapy informed consent); ACA Code of Ethics A.9 (group counseling); HIPAA Privacy Rule under 45 CFR Part 164 Subpart E and Security Rule under 45 CFR Part 164 Subpart C; 42 CFR Part 2 (federally assisted SUD confidentiality regulation, substantively amended in 2024); CPT codes 90847, 90849, and 90853 (American Medical Association Current Procedural Terminology); the federal psychotherapist-patient privilege from Jaffee v. Redmond, 518 U.S. 1 (1996); the No Surprises Act good faith estimate at 45 CFR 149.610; and the ASAM Criteria for Substance Use Treatment (4th edition, 2023).

Frequently Asked Questions

Group counseling practices informed consent FAQ

What are the HIPAA confidentiality limits in a group setting?

HIPAA 45 CFR 164.502 covers the practice as a covered entity but does NOT cover the other group members. The clinician is bound by HIPAA to protect what they hear; other group members are bound only by the voluntary member confidentiality agreement, which has no enforcement mechanism beyond removal from the group. The consent form must state this distinction explicitly so the patient understands that HIPAA protects what the leader does with information but cannot prevent another member from disclosing what was shared. State the limits of confidentiality that apply to the group leader: mandatory reporting under state law and CAPTA at 42 U.S.C. 5106a, court orders under 45 CFR 164.512, and imminent danger to self or others. Group records are typically maintained as a single chart with group session notes; individual disclosures may be summarized in the group note without identifying other members.

How do I enforce member confidentiality?

You cannot legally enforce member confidentiality in most jurisdictions because group members are not licensed professionals bound by HIPAA or state mental health confidentiality statutes. The member confidentiality agreement is a voluntary commitment captured at intake. Practical enforcement options include: (1) removal from the group on a confirmed breach, (2) a confidentiality discussion at every group session opening, (3) a written breach response protocol that includes group leader notification and group discussion, and (4) clear consent language acknowledging the non-enforceability so patients understand the practical limit. Some practices include a contractual liquidated damages clause for breach, but enforceability is uncertain and courts typically disfavor such clauses in therapy contexts. The strongest protection is intake screening and ongoing reinforcement, not contractual penalty.

What is the difference between CPT 90847, 90849, and 90853?

CPT 90847 is Family psychotherapy with the patient present, billed for one identified patient with their family members in a single session, typically 50 minutes; it is family or couples therapy, not group therapy. CPT 90849 is Multi-family group psychotherapy, billed when multiple identified-patient families meet together (common in adolescent SUD and eating disorder programs); each identified patient generates a separate billable encounter. CPT 90853 is Group psychotherapy (other than of a multiple-family group), the standard group therapy code billed once per patient per session for groups of 5 to 10 members, typically 45 to 60 minutes. Insurance reimbursement rates for 90853 are typically 30 to 50 percent of individual psychotherapy rates. Document the appropriate code on every encounter; mis-coding is a common audit finding.

How does 42 CFR Part 2 apply to substance use groups?

42 CFR Part 2 is the federal confidentiality regulation governing records of patients receiving treatment from a federally assisted substance use disorder (SUD) program. It is stricter than HIPAA in three ways: (1) records that identify someone as receiving SUD treatment may not be disclosed without specific written consent meeting the regulation requirements at 42 CFR 2.31, (2) re-disclosure of disclosed records is generally prohibited absent additional consent, and (3) court orders to disclose require specific findings under 42 CFR 2.65 and 2.66. The regulation was substantively amended in 2024 to better align with HIPAA in some respects while preserving the core protections. Group consent in SUD programs must explicitly address Part 2 restrictions, the limits on disclosure, and the patient right to consent or refuse each disclosure category.

How do I handle court-ordered group treatment?

Court-ordered group treatment (DUI groups, batterer intervention programs, court-mandated SUD treatment, anger management for criminal cases) raises consent issues because participation is coerced. Document four things: (1) the patient is participating under court order and the participation is not voluntary; (2) the leader has a reporting obligation to the court or probation officer regarding attendance and progress; (3) the patient may withdraw, but withdrawal will be reported to the court; (4) the patient retains the right to refuse to disclose specific content within sessions and the leader will document attendance and participation, not content, in court reports unless the court order specifically requires substantive reporting. Some states require specific consent language for court-ordered programs. The intake should also screen for whether the court order assigns a specific level of care; if so, consent should reference the ASAM level.

Can a group member sue another member for breaking confidentiality?

Generally no, because the member confidentiality agreement is a voluntary commitment, not a legally enforceable contract in most jurisdictions. Group members are not licensed professionals bound by HIPAA or state mental health confidentiality statutes. A breaching member could face removal from the group, exclusion from future participation, and (rarely) a tort claim for invasion of privacy or intentional infliction of emotional distress if the breach met the elements of those torts. The consent form must state this practical limit so members understand that HIPAA-style enforcement is not available between members. Intake screening, group rules, and ongoing reinforcement of the confidentiality agreement are the primary protective mechanisms. Document the agreement signature at intake and a refresher at any new member addition.

How are members screened for group?

Group screening protects safety, fit, and clinical effectiveness. The standard screening protocol includes (1) an individual intake session (typically 50 minutes) with the prospective member to review the presenting concern, treatment history, and group fit, (2) a structured assessment for the inclusion and exclusion criteria (DSM-5-TR alignment with the group focus, ruling out active psychosis, active suicidality requiring higher level of care, or active substance dependence requiring detox), (3) review of the consent and member confidentiality agreement with documented signature, and (4) leader determination of group fit. Some practices add a trial session with confirmation of fit by the existing group. Document the screening rationale and decision in the chart. Excluded prospective members must receive referrals to alternative services to avoid abandonment under APA Ethics Code 10.10.

What is the typical group size and duration?

Standard group therapy practice supports groups of 5 to 10 members; below 5 members groups lose interactive richness, above 10 members the leader cannot adequately track individual processes. Specific group formats use different sizes: process-oriented psychodynamic groups commonly run 6 to 8 members, structured psychoeducational groups (DBT skills, CBT for depression) run 8 to 12 members, support groups run 8 to 15 members, and intensive outpatient programs (IOP) run 10 to 15 members in psychoeducational sessions and 6 to 10 in process sessions. Session duration typically runs 50 to 90 minutes for outpatient groups and 90 to 180 minutes for IOP groups. Open groups admit new members on rolling basis; closed groups maintain the same membership for a defined number of weeks. Document the group format and size limits in the consent.

What clauses protect against common group therapy liability exposure?

Six clauses provide the bulk of protection. First, scope of group services and the inclusion and exclusion criteria, with a referral pathway for members who become inappropriate for the group. Second, the limits of confidentiality, listing every mandatory reporting trigger, court-order pathway, and the practical limit of member confidentiality. Third, the member confidentiality agreement with the non-enforceability disclosure. Fourth, the dual relationship policy under APA Ethics Code 3.05 and ACA Code A.6. Fifth, the termination protocol with abandonment prevention under APA 10.10. Sixth, the BAA coverage for vendors handling PHI under 45 CFR 164.314. Add the No Surprises Act good faith estimate under 45 CFR 149.610 for self-pay patients, the 42 CFR Part 2 disclosure for SUD groups, and the telehealth section if applicable. Carry malpractice insurance with group therapy coverage explicitly endorsed.

Can pre-licensure clinicians lead groups?

Yes, with adequate supervision under APA Ethics Code 10.01(c) and ACA Code F.1. Pre-licensure clinicians (associate, intern, registered, provisional) must disclose their pre-licensure status to each group member, identify their supervisor by name, license type, and license number, and provide supervisor contact for any concerns. State licensing boards have ruled that failure to disclose pre-licensure status constitutes a deceptive practice. Some states (notably California) restrict the scope of services pre-licensure clinicians may deliver and require additional supervision documentation for groups. The supervisor must be qualified to supervise group therapy specifically, which is a different competency than individual supervision. Pre-licensure trainees should not lead groups with active suicidality, active psychosis, or court-mandated populations without a fully licensed co-leader.

Are e-signed group informed consent forms enforceable?

Yes. The federal Electronic Signatures in Global and National Commerce Act (ESIGN Act) at 15 U.S.C. 7001 and the Uniform Electronic Transactions Act (UETA), adopted in 49 states, give electronic signatures the same legal effect as wet-ink signatures for nearly all consumer and professional services contracts. Group informed consent forms and member confidentiality agreements are squarely covered. The e-signature platform must be HIPAA-compliant and operate under a Business Associate Agreement under 45 CFR 164.314 because the consent form contains protected health information. The audit trail must capture timestamps, IP addresses, and consent to electronic records. Formfy, SimplePractice, TherapyNotes, DocuSign, and Adobe Acrobat Sign all sign HIPAA BAAs. For group practices, modern platforms allow each member to sign through a single link without printing or scanning; this is the most efficient workflow for rolling-admission groups.

How do I handle a member who breaches the confidentiality agreement?

Most practices follow a four-step protocol: (1) the leader confirms the breach (member self-disclosure, another member report, or external evidence); (2) the leader meets individually with the breaching member to discuss, document the breach in the chart, and determine whether removal is warranted; (3) if removal is warranted, the leader provides written notice and offers referrals to alternative services to avoid abandonment under APA Ethics Code 10.10; (4) the leader brings the breach to the group, identifying the breach without disclosing the breaching member name (if removed) or with the breaching member present (if remaining), and reviews the member confidentiality agreement. The consent form should state the breach response protocol and the consequence (typically removal). Document each step. Avoid retaliatory action; the goal is restoring group safety, not punishment.

What is the relationship between group members and individual therapists?

Most practices encourage members to maintain an outside individual therapist for individual treatment goals that the group cannot adequately address. The consent form should state the practice policy on combined treatment: (1) whether members may be in individual therapy with the group leader (most practices prohibit this dual relationship under APA Ethics Code 3.05), (2) whether the group leader will communicate with the outside individual therapist (typically requires release of information under HIPAA 45 CFR 164.508), and (3) the scope of communication between the group leader and the individual therapist (clinical coordination only, not detailed group disclosures). Some integrated programs deliberately combine individual and group treatment with the same clinician; these require additional consent language addressing dual roles and confidentiality across modalities.

How long must I retain group therapy records?

HIPAA 45 CFR 164.530(j)(2) requires retention of HIPAA-related documentation for at least six years from creation or last effective date. Clinical records themselves are governed by state-specific retention laws, which typically range from five to twelve years from the last date of service for adult patients, and longer for minor patients (often until the minor reaches the age of majority plus five to ten years). For group records, retain both the individual member chart (intake, consent, treatment plan, termination summary) and the group session notes for the longest applicable period. Federal Medicare records require retention for at least ten years. SUD records under 42 CFR Part 2 follow the longer of state retention or six years. Adopt the longest applicable period across all retention rules. Document destruction must be HIPAA-compliant under 45 CFR 164.310(d)(2)(i) and 164.530(c).

Can a court subpoena group records?

A subpoena alone is insufficient to compel production of mental health records under HIPAA 45 CFR 164.512(e). The leader may produce records only with signed patient authorization meeting 45 CFR 164.508 standards, a court order signed by a judge, or a qualified protective order. Group records present additional complexity: a subpoena for one member records may incidentally disclose information about other members within group session notes. The leader should redact other-member information or seek a qualified protective order before production. The federal psychotherapist-patient privilege established in Jaffee v. Redmond, 518 U.S. 1 (1996), protects communications in federal court; state evidentiary privilege protects state-court proceedings. SUD group records under 42 CFR Part 2 require court orders meeting specific findings under 42 CFR 2.65 and 2.66. Consult counsel for any contested subpoena.

How does Formfy specifically help with group therapy informed consent forms?

Formfy lets a group counseling practice describe the group format in plain English to the AI form builder, which returns a delivery-ready group informed consent with the e-signature block, member confidentiality agreement section, telehealth section, and ASAM Level of Care section if SUD-related. Each new group member signs a single link that captures their consent and member confidentiality agreement together; the practice avoids paper or scan workflows. The HIPAA group confidentiality limits, APA 10.03 and ACA A.9 disclosure elements, and dual relationship policy are imported once and reused across templates. Formfy operates under a Business Associate Agreement under 45 CFR 164.314 covering the data plane. Submission-based pricing at $19 to $199 per month covers group practice intake volumes. The free 15-day trial requires no credit card. See /guides/how-to-create-group-therapy-informed-consent-group-counseling-practices for the step-by-step.

What documentation should the leader keep for each group session?

Standard practice maintains both individual member charts and a group chart. The individual chart contains the intake, consent, treatment plan, periodic progress notes summarizing group activity for that member, and termination summary. The group chart contains a session-by-session note that captures attendance, group themes, leader interventions, clinically significant individual disclosures (without naming other members in the disclosing members chart), and any safety concerns. Some practices use a parallel structure where the group session note is reproduced in each members chart with member-specific content; others maintain a single group note with cross-references. State licensing boards and CMS Medicare guidance address documentation expectations. The consent form does not need to enumerate the documentation structure but should state that group activity is documented and that the patient may request access to their own chart under HIPAA 45 CFR 164.524.

Related resources

Build a group therapy informed consent form in 30 seconds

Free 15-day Formfy trial. No credit card. Submission-based pricing. BAA on request.

Start your free trial

Last verified: 2026-04-25. This page is informational; it is not legal or clinical advice. Group counseling practices should review state-specific mandatory reporting, telehealth licensure compact participation, 42 CFR Part 2 application to SUD groups, and abandonment-prevention rules with counsel and their licensing board.

Related guides