Privacy and Confidentiality (Standard)

Previous Updates: N/A
Date Approved: February 9, 2021

Standard of Practice: Privacy and Confidentiality

Bolded terms below are found in the Glossary.

Client Outcome

The client’s personal health information, privacy and confidentiality are securely protected.

Registered Massage Therapist Outcome

The Registered Massage Therapist (RMT/MT) always maintains the privacy and confidentiality of clients and the client’s personal health information.


The RMT must:

  1. Comply with the Personal Health Information Protection Act, 2004 (PHIPA).
  2. Understand that the rules governing consent to decisions involving personal health information are found in PHIPA and are different from those governing consent to treatment found in the Health Care Consent Act, 1996 (HCCA) (please see Standard of Practice: Consent).
  3. Understand that under PHIPA, in order for consent to be valid to collect, access, use or disclose personal information, RMTs must ensure that:
    • it is reasonable to believe that the client knows the purpose of the collection, use or disclosure, and that they may give or withhold consent;
    • the consent relates to the personal health information; and
    • the consent is not obtained through deception or coercion.
  4. Understand that under PHIPA, the RMT must obtain consent to collect[1], access, use or disclose personal health information, and the RMT must:
    • obtain the client’s consent before disclosing personal health information to a person outside the client’s circle of care; and
    • understand that the RMT can rely on the client’s implied consent to disclose the personal health information within the client’s circle of care for healthcare purposes, unless the RMT has reason to believe that the client has expressly withheld or withdrawn consent to do so.
  5. Obtain consent from the client’s substitute decision-maker for the collection, use or disclosure of personal health information if the client is incapable.
  6. Only collect, use or disclose personal health information that is necessary to meet the client’s health needs or to eliminate or reduce a significant risk of bodily harm.
  7. Only provide access to personal health information to authorized persons, except as required or allowed by law.
  8. Allow clients to access their own personal health information.
  9. Only discuss the client’s personal health information in a way that ensures the client’s privacy (for example, avoid treatment-related conversations in non-private places).
  10. Use any electronic communication, social media, client booking and management software and other forms of digital technology ethically and professionally, in a way that protects client privacy and confidentiality.
  11. Store, share, transfer and dispose of client data on personal devices in a way that maintains the privacy and confidentiality of clients.
  12. Comply with requirements for mandatory reporting of privacy breaches.
  13. Disable all audio, video or photographic transmitting and recording functions of all devices in the room, unless:
    • the RMT obtains informed consent for the use of audio, video or photographic recording equipment; and
    • the recording functions are for assessment, treatment and/or educational purposes.

Relevant Legislation and Regulation

Related Career-Span Competencies (CSCs)

[1]In certain situations, consent to collect personal health information can be implied, such as when a client voluntarily completes and returns a health history form to the RMT.

Back to Top
Social media & sharing icons powered by UltimatelySocial