Privacy Considerations Involving Website Contact Forms


by: Lad Kucis 

Many RMTs choose to include contact forms directly on their websites so potential new patients can connect with them directly about booking a first appointment. Many of these forms require the potential patient to select the type of health care services they are seeking, e.g. massage therapy, and include a space to fill out information about the reason the individual is seeking health care.

This would be considered personal health information and is subject to the regulations under the Personal Health Information Protection Act, 2004 (PHIPA), which outlines the rules for how personal health information can be collected, used, and disclosed.

(Image Credit: Elevated Business Solutions)


Under PHIPA, health information custodians are required to obtain consent from persons for the collection and use of personal health information.

As such, massage therapists would be well advised to insert a consent statement at the bottom of their website contact forms, confirming that the prospective patient is providing their consent to the collection and use of their information for the purpose of ascertaining the possibility of providing health care services. It would also be prudent to include a hyperlink to your Privacy Policy and website Terms of Use, which sets out how you protect personal health information.

As many RMTs use third-party companies to create or manage their websites, including through platforms such as WordPress, Wix, Squarespace, etc., the information from website contact forms may be stored on the servers of these companies, some of which are located outside of Canada. This information may also be visible to individuals working at these third-party companies. Patients should be advised of any such information, and it should be included in the Privacy Policy.

As a health information custodian, you are responsible for the conduct of your agents, which would include the third-party company you use to manage your website, or anyone else who acts on your behalf with respect to personal health information. This is why it is important to have a contractual agreement with anyone who may have access to personal health information on your behalf, even if it is the information submitted through a website contact form, confirming that they will comply with all the requirements put in place by PHIPA to safeguard personal health information.

Furthermore, RMTs would be well advised to limit the extent of personal health information collected on website contact forms (i.e. fewer questions, less space for comments, etc.) and should restrict the use of the form to investigating the possible provision of health care services and to contacting the prospective patient in respect of that item (i.e. it should not be used to obtain consent for marketing or fundraising). In addition, if possible, RMTs should take steps to delete the information once it is no longer required.

It is important that RMTs are keenly aware of their obligations under PHIPA. In the context of website contact forms, they must ensure that they obtain consent to collect and use personal health information and ensure that any information collected is appropriately safeguarded, in accordance with PHIPA. If you use a third-party company to manage your website, you should alert and obtain consent from patients regarding this item (i.e. through the Privacy Policy, etc.) and ensure that the company is protecting the personal health information.

The protection of personal health information is an extremely important item and a failure to act in accordance with legal requirements can result in a fine or other penalty under PHIPA, a civil action, and/or an investigation by the College of Massage Therapists of Ontario.


About the Author

Lad Kucis is certified by the Law Society of Ontario as a specialist in health law and provides advice and representation to registered massage therapists in respect of all types of regulatory matters, including complaint and disciplinary matters before the CMTO, and complaint reviews before the Health Professions Appeal and Review Board.

Lad can be reached by telephone at 416.864.3114 or by email at lkucis@grllp.com.

 

* This article has been prepared for information purposes only and is not intended to be construed as legal advice.