Are there any other suggestions or samples you could recommend for private practice members of the necessary consents we should be collecting in regard to email communications?

We function quite analogously to a doctor’s or dentist’s office, so examples of those would suffice as well.

Answer from OIPC:
Separate consent for email communications is not required if you already have consent for the collection, use and disclosure of a patient’s personal information. PIPA treats electronic medical records the same way it treats paper medical records.

Some private practice clinics are using Gmail addresses or Gsuite Business Solutions. Google does not have Canadian servers. Should clinics be requesting consent before using email communications through these platforms due to cross border data flow?

Or should a disclaimer on the signature line be used in place, or in addition to such consent?

Answer from OIPC:
PIPA does not have data residency requirements, so physiotherapists in private practice do not require consent to store personal information on non-Canadian servers.

Should private practice clinics have a separate consent that allows them to use electronic communications (such as email/text) to communicate with patients and third parties?

Answer from OIPC:
You do not need separate consent for electronic communications if you already have consent for the disclosure of a patient’s personal information to third parties. PIPA treats electronic medical records the same way it treats paper medical records.

*PABC / CPTBC note: Please note this implies simple communication for appointments, etc. – not care delivery.

Can you confirm that email communications of this form with more sensitive personal and health information such as x-ray reports are NOT prohibited by PIPA? Expand for full question

Full Question:
Can you confirm that email communications of this form (book appointments, communicate with their clients in regards to progress, send general documents such as exercise pdf's, or send documents (from patient to private practice clinic) with more sensitive personal and health information such as x-ray reports)are NOT prohibited by PIPA (although they may require special consideration, security measures, and consent)?

Private practice clinics need to inform their client bases of their Virtual services. Some are concerned that this will be considered spam and break privacy legislation if the client has not agreed to receive marketing emails.

Answer from OIPC:
This office oversees the Personal Information Protection Act and the Freedom of Information and Protection of Privacy Act. I can’t really comment on Canada’s Anti-Spam Legislation (CASL) but it is my understanding that CASL doesn’t apply if the physiotherapist has an existing relationship with the client, and they aren’t trying to sell a product or service.

Subscribe to