Confidentiality

Standard 3.1: Confidentiality

The Professional Practice Standards regarding confidentiality. This includes the three standards, examples in demonstrating the standard, definitions, and related resources.

Confidentiality

Standard 3.1: Confidentiality

The Professional Practice Standards regarding confidentiality. This includes the three standards, examples in demonstrating the standard, definitions, and related resources.

Jump to Topic:

The Standard

 

3.1.1 Registrants do not collect, use, or disclose information about a client without the informed consent of the client or their authorized representative, except as permitted or required by law.

 

3.1.2 Registrants familiarize themselves and comply with relevant privacy laws.

 

3.1.3 Registrants relying on others to provide reception or other administrative support train and supervise them on matters of confidentiality and privacy.

Standard 3.1

Demonstrating the Standard

  • Standard 3.1

    A registrant demonstrates meeting the standard, for example, by:

     

    • Explaining to clients the duty of confidentiality and limits to confidentiality.
    • Documenting informed consent in the client record regarding the collection, use and disclosure of information, indicating the manner in which consent was given (verbally, by gesture, in writing).
    • Only collecting, using, or disclosing information that is reasonably required in the circumstances.
  • Standard 3.1

    A registrant demonstrates meeting the standard, for example, by:

     

    • Applying privacy principles in research settings.
    • Notifying clients when disclosure of their information has been required by a court or tribunal.
    • Establishing processes to protect personal health information (hard copy and electronic files) from access by unauthorized persons while it is being collected, used, maintained, disclosed, transferred, or disposed.
  • Standard 3.1

    A registrant demonstrates meeting the standard, for example, by:

     

    • Avoiding the use of non-secure methods of communication, such as email, when transmitting confidential information unless the client consents to the risk and there is no practical alternative.
    • Promptly notifying the client and if applicable, the Information and Privacy Commissioner (IPC) when the client’s personal health information is stolen or lost, or when it is used or disclosed without authority.

Key Definitions

  • Key Definitions

    Confidentiality

    The duty to keep information secret subject to legal limits.

  • Key Definitions

    Personal health information

    Any identifying information about a client in oral or recorded format (written or electronic) that relates to his or her physical or mental health, including his or her family history, payment for healthcare, health care providers and substitute decision makers. Identifying information is information that directly identifies an individual or that can be reasonably foreseen to identify an individual, either alone or with other information. Information that does not allow the client to be identified is not personal health information and is not subject to PHIPA.[1]

     

    [1] Information and Privacy Commissioner of Ontario

  • Key Definitions

    Privacy

    A person’s interest in restricting the collection, use, and disclosure of their personal information.

  • Key Definitions

    Express Consent

    An expression of consent that is specifically communicated, e.g., orally or in writing.

Standard 3.1

Commentary

Background

Confidentiality is considered a cornerstone of the profession of psychotherapy and is embedded in its core values. Individuals come to therapists with sensitive, personal information, and confidentiality is required to build trust in the therapeutic relationship.

 

Confidentiality is also an important legal concept that applies to all regulated health professionals, including Registered Psychotherapists. The Personal Health Information Protection Act, 2004 (PHIPA) establishes rules relating to confidentiality and privacy of personal health information in Ontario. PHIPA requires that personal health information be kept confidential and secure.

 

It is a fundamental responsibility of registrants to maintain client confidentiality at all times, including when requests are made for client information by third parties such as lawyers or insurance companies.

 

In compliance with PHIPA, registrants must ensure that the professional relationship with the client and the client’s personal information are kept confidential, within legal limitations. Registrants must explain to clients the principle of client confidentiality and the legal limits to confidentiality (see “Limits to confidentiality” below). Registrants are also responsible for maintaining client information in a secure manner, so that unauthorized individuals do not gain access to records (see Section 5, Record-keeping and Documentation).

Disclosure of client information by RPs to other care providers

Due to the nature of the psychotherapeutic relationship, the sensitivity of information shared between client and therapist, and because of the particular weight placed on the duty of confidentiality by the psychotherapy profession, RPs must take care before disclosing client information to other care providers. While PHIPA allows providers in certain circumstances to assume a client has provided implied consent to disclose their personal health information to other providers,[2] RPs are strongly encouraged to obtain express consent. As part of the informed consent process in care team settings, such as in a hospital or agency, registrants should explain to clients what information will be shared with other providers in the team context, and who will have access to the record.

 

In all cases, professional discretion is employed, and only relevant and necessary personal health information may be disclosed. See Standard 3.3 – Communicating Client Care for more information.

 

[2] This is sometimes referred to as the “circle of care” principle, see Information and Privacy Commissioner of Ontario, Circle of Care: Sharing Personal Health Information for Health-Care.

Confidentiality and shared records

When an individual participates in group, family, or couple therapy and requests access to the record, registrants are only authorized to provide information relating to the individual who filed the request, unless other participants have provided their consent.

Limits to confidentiality

Normally, a registrant may only disclose personal health information with the consent of the client or their authorized representative. However, legally, there are a limited number of circumstances where disclosure of personal health information is required without consent. Notable limits to confidentiality include:

 

  • where the registrant believes on reasonable grounds that disclosure is necessary to eliminate or reduce a significant risk of serious harm (includes physical or psychological harm) to the client or anyone else, e.g., suicide, homicide. Note: If the registrant believes a significant, imminent risk of serious bodily harm exists, there may be a professional and legal duty to warn the intended victim, to contact relevant authorities such as the police or crisis intervention services, or to inform a physician who is involved in the care of the client.*
  • where a mandatory report is required (see Standard 1.3);
  • where necessary for particular legal proceedings (e.g., when the registrant is subpoenaed);
  • to facilitate an investigation or inspection authorized by warrant or by any provincial or federal law (e.g., a criminal investigation against the registrant, their staff, or a client). Registrants should seek legal advice when they are unsure whether a warrant or law permits them to disclose personal health information.
  • for the purpose of contacting a relative, friend or potential substitute decision-maker of the individual, if the individual is injured, incapacitated, or ill and unable to give consent personally; and
  • disclosing information to a college for the purpose of administration or enforcement of the Regulated Health Professions Act, 1991 (e.g., when a complaint has been made about a registrant, assessment of the registrant’s practice as part of the Quality Assurance Program).

 

When compelled to disclose client information for a legal proceeding, registrants should exercise prudence, and are advised to consult their legal advisor to determine the best way to respond.

 

*The law in Canada concerning the “duty to warn” is complex and evolving. Registrants are advised to consult their legal advisor when faced with a situation where this exception to the duty of confidentiality may apply.

Police or court requests for records

Registrants may be required (e.g., by order, summons, subpoena), to disclose client information. Registrants may have options when they receive such a notice. In some situations, they may be able to negotiate an alternative, or work with a lawyer to file a legal objection. Registrants should make reasonable efforts to inform the client of such efforts to require disclosure of their information.

 

A lawyer is in the best position to assist registrants in decisions pertaining to the legal system.

Deceased clients

The right to confidentiality does not end upon the death of a client. In Ontario, the right to consent to the collection, use, and disclosure of personal health information about a deceased individual is held by their estate trustee or administrator.

Join our mailing list and stay up to date with the latest news

Sign up to receive news and information from us.

Sign Up Today