Originally published in Volume: 1 Issue: 3 of HeadLines
This scenario presents some potential challenges.
Consent may be more complicated than might initially meet the eye. The clients in such a situation could decide to enter the relationship because of a perceived expectation by the therapist that they will agree and not want to disappoint the therapist by declining the invitation. For this reason, if this were to occur, such an opportunity would have to be presented in an entirely neutral manner.
To be fully informed consent, each client would have to be made aware of all the potential benefits and risks. These benefits would obviously include mutual support. On the downside, entering a relationship in which the client could be taking on further emotional (and perhaps other) demands should be presented as a risk to their own therapeutic relationship with the therapist and consequently to their therapeutic progress.
Confidentiality could also become a challenge when clients are introduced and encouraged to communicate. While each client would know that the other was seeing the same therapist, the therapist would have to be vigilant not to share any information about the other client without authorization. This would become difficult if they wished to talk about the other client or about interventions being used with them and it could become difficult to avoid inadvertently providing information, even in refusing to actively answer certain questions that could be posed. Even if information about one client was never disclosed to the other, the therapist would have to be vigilant about avoiding the collection of information about one from the other without consent. Even with full consent, collection of such information could pose challenges to professional objectivity, if information arose about any conflict arising between these individuals or any adverse information about them. This would become a dual relationship in the same way as working with clients who are relatives or friends of one another would, and it’s best to avoid dual relationships.
There are no specific prohibitions against introducing clients, but these are some of the challenges in managing such an intervention, without the safeguards of therapist mediated interaction between clients, as might occur in a therapist mediated mutual support group.
Originally published in Volume 2 Issue 1 of HeadLines.
The answer to this question depends upon various decisions made by the organization, including who is the Health Information Custodian (HIC), a term which is used and defined in the Personal Health Information Protection Act, 2004 . For the purposes of answering this question, either a health care practitioner or a person who operates a group practice of health care practitioners may be a HIC. There may only be one HIC and it should be the person who will have ultimate responsibility for the collection, use, disclosure, security, and retention of the information. .
The HIC must ensure that their identity is made clear to all concerned, including the client. A client must provide informed consent for a specified individual or organization to collect information about them.
A Health Information Custodian may have an “agent”. This is defined in PHIPA as a person that, with the authorization of the custodian, acts for or on behalf of the custodian. The HIC may, for example, appoint the service provider working in the HIC’s organization to be their agent.
Copies of information may be shared with those with a need to have the information in their possession but may only be provided to anyone other than the HIC or agent with client consent. The number of copies of the same information is directly correlated to the risk of loss or unauthorized access to the information. The fewer number of copies there are of a document, the lower the risk of loss or unauthorized disclosure.
There is no prohibition against storing information in more than one file/location. Standard 9.1 of the Standards of Professional Conduct, 2017 requires that a member must make best efforts to ensure that the member’s records are complete and accessible; this applies whether the record is kept in a single file or in several files and whether the record is housed in one location or at several locations. It is suggested that when records are not maintained in one file or location that a note is placed in each location indicating the location(s) of any other information.
Originally published in Volume 2 Issue 1 of HeadLines.
In the practices of most members, the answer to this question can be found in the Health Care Consent Act, 1996 (HCCA) and the Personal Health Information Privacy Act, 2004 (PHIPA).
One must first establish whether the child has the capacity to make their own independent decisions in these situations. The HCCA and the PHIPA do not specify chronological ages of consent but instead set out the test for determining whether any individual, including a child, is capable of making their own health care decisions. The determination of capacity must be made by the Health Care Provider or the Health Information Custodian, as the case may be. The analogous tests for capacity to be applied are set out in section 4 of the HCCA and section 21 of PHIPA, respectively.
If the child is not believed to be capable, a substitute decision-maker for the purpose of the HCCA is generally deemed to play the same role with respect to PHIPA.
Section 20 of the HCCA and Section 26 of PHIPA provide specific advice with respect to the hierarchy of potential decision-makers when a child is not believed to be capable of making their own decisions. It also sets out the mechanisms for deciding what must happen when a person with the right to make decisions is not available or willing to assume decision-making responsibility. The legislation also addresses what to do if there is conflict between two individuals having equal ranking in the hierarchy.
Generally, a parent can give or refuse consent on behalf of an incapable child unless this authority has been lawfully granted to a children’s aid society or other person. If both parents do not have the same rights under an Agreement or Order, a parent with custodial rights prevails over a parent who has only a right of access. In situations where the statute does not spell out clearly which parent is entitled to make the decision, statutory interpretation is necessary. Given the high stakes for all individuals involved, the most prudent course of action is to obtain independent legal advice.
The College’s August 2005 Bulletin provides additional guidance with respect to this issue.
The answer to this question requires interpretation of legislation and College staff are not qualified or authorized to provide legal advice. Members who are considering refusal of a specific request for information may wish to obtain independent legal advice, given that release of confidential information, or the refusal to do so, can be a high-stakes decision for all concerned. The following information may be of assistance in obtaining legal consultation.
The Personal Health Information Protection Act, 2004 (PHIPA) sets out the applicable rules to be considered when addressing a request for personal health
information.
Personal Health Information is defined, in section 4.(1)(a) of the Act, as information that “relates to the physical or mental health of the individual, including information that consists of the health history of the individual’s family. . .”
Section 1 (b) of PHIPA states that one of the purposes of the Act is “to provide individuals with a right of access to personal health information about themselves, subject to limited and specific exceptions set out in this Act”. The Act also provides that information an individual is entitled to access can be provided to another party, with the consent of the individual or of the individual’s authorized substitute decision-maker.
Whenever faced with a decision about whether to provide access to information contained in a client record, it is a good idea to review the list of exceptions to the requirement to do so. These exceptions are set out in in Section 52(e) of the Act where one is not required to allow access to information if,
(e) granting the access could reasonably be expected to,
i. result in a risk of serious harm to the treatment or recovery of the individual or a risk of serious bodily harm to the individual or another person,
ii. lead to the identification of a person who was required by law to provide information in the record to the custodian, or
iii. lead to the identification of a person who provided information in the record to the custodian explicitly or implicitly in confidence if the custodian considers it
appropriate in the circumstances that the identity of the person be kept confidential;
The Act, section 52(2) goes on to say that a health information custodian may provide only parts of a person’s record “that can reasonably be severed from the part of
the record to which the individual does not have a right of access”. When a decision is made to sever part of a file before releasing the record, section 54 of the Act provides
specific guidance about how to do this.
The Information and Privacy Commissioner of Ontario recently considered a complaint about an agency’s refusal to grant one family member access to the entirety of a family’s therapy records. In PHIPA Decision 158, the Commissioner found that the Personal Health Information (PHI) of each family therapy participant is theirs alone and not PHI of the other therapy participants. They went on to say that family therapy records may contain “communal” or “shared” information that can form part of each participant’s PHI. Communal or shared information was described as information about family health history, overall family relationships or dynamics, as well as general themes that arose in the course of family therapy.
The Commissioner ultimately decided that the complainant’s right of access under PHIPA was limited to only to PHI that can reasonably be severed from the records. The Decision explains that the Act is intended to enable individuals to access information about their family health history allowing them to make informed decisions about their own health care but that anything beyond shared or communal information, may have been collected with an expectation that it would remain confidential.
The Decision further explained that this best respects the confidentiality of that information; fosters trust between family therapy participants and custodians; promotes participant autonomy over access to their own personal health information; and promotes candid discussion and unguarded participation in family therapy sessions.
The Decision indicated that the right of access to information is limited by section 52(3), of the Act, which provides that an individual will only have a right of access to an entire record if the record is “dedicated primarily” to their personal health information. The following examples of factors to consider in determining whether a record is “dedicated primarily” to the personal health information of a requester are provided:
- the quantity of personal health information of the requester in the record;
- whether there is personal health information of individuals other than the requester in the record;
- the purpose of the personal health information in the record;
- the reason for creation of the record;
- whether the personal health information of the requester is central to the purpose for which the record exists; and
- whether the record would exist “but for” the personal health information of the requester in it.
The following “best practices” are suggested within the Decision:
- At the outset of therapy, establish ground rules for what can be discussed, what information will be recorded, and who will have access to the records;
- Document this understanding in the health record;
- Identify documents (including chart notes) that relate to one participant and those that relate to all participants; and
- When considering requests to access family or group therapy records, refer to documented informed consent and other records to identify participants’
expectations, and categorize records as communal or relating to one or more participants before granting access to any records.
The answer to this question depends upon who has been identified as the Health Information Custodian. Under the Personal Health Information Protection Act, 2004 (PHIPA), it is possible that either a health care practitioner or a person who operates a group practice of health care practitioners can act as the Health Information Custodian (HIC). While either is possible, only one must be established at the onset of services. Generally, this will be the particular individual or entity they authorize to collect their Personal Health Information.
If, in this scenario, the operator of a group practice is not the HIC, then, the following Standard is applicable:
4.1 Responsibility of Supervisors of Psychological Service Providers
If members are supervising psychological services provided by a member holding a certificate for supervised practice or any other unregulated or regulated service provider who is not an autonomous practice member of the College, the clients are considered to be clients of the supervisor…
It then follows that the records are considered to be the records of the supervising member. This is supported by the following additional Standard:
9.1.2 Members Responsible for Supervising Supervised Practice Members and Non- Members
Members supervising Supervised Practice members and non-members are responsible for the security, accessibility, maintenance, and retention of records.
If the organization is not the HIC, at the end of the engagement, in most case it is the supervising member who is the HIC and the records must remain with them for the required retention period.
The question of the release of raw test data involves an understanding and interpretation of the Personal Health Information Protection Act (PHIPA) which speaks to responding to requests for personal health information. It should be noted that the College does not provide legal advice or legal interpretations of legislation but recommends that members seek legal advice on such matters. While not providing legal advice, the College does offer some comments which may be helpful in understanding this question and informing the discussions with legal counsel
The Personal Health Information Protection Act (PHIPA) gives a client, or legal guardian, the right of access to, or the right to consent to the disclosure of, his/her personal health information. This would include much of the information in the psychology file. There are some exceptions, however, to this right. These include information that could pose a risk of harm and confidential third party information. As well, “raw test data from standardized psychological tests” [PHIPA 51.(1)] is excluded from this right. Therefore, the legislation does not appear to provide a right to access raw data.
In considering PHIPA 51.(1), it is important to recognize the distinction between a right and a permitted disclosure. There does not appear to be any statements in PHIPA that prohibit the release of “raw test data from standardized psychological tests”. The difference to be understood is between what the client may have a right to obtain, and what they may be permitted to receive. In this regard, the legislation is permissive, rather than prescriptive.
Recognizing this permissive language in the legislation, the College position related to the release of raw test data may be found in Principle 10 – Assessment and Intervention of the Standards of Professional Conduct; specifically section 10.8. This section notes that the College recommends that when the request is reasonable and appropriate, and with proper authorization, the raw data should be released to clients and others.
It is important to note that Principle 10.8 emphasizes the member’s responsibility to distinguish between raw test data from standardized psychological tests and test materials or forms. This suggests that test protocols, test items, summary sheets, etc., most of which are materials copyrighted by the publisher, should not be reproduced based on voluntary consent. Rather, one may have to recopy the information ensuring not to include any copyrighted materials. Of course, should one receive a court order, summons to appear and bring materials to court, or some other legal vehicle compelling the release of the entire file, then this could also include the raw test data protocols. In such cases, members are encouraged to consult with legal counsel and/or the test publisher.
Originally published in Volume: 1 Issue 4 of HeadLines
In determining the appropriate record keeping requirements it’s important to consider what is meant by “consultation”. Sometimes, those using the title “consultant” are actually providing direct services to individuals. For example, this would be the case if the service involved interviewing clients of an agency and providing an assessment of their treatment needs. The member would, in such a situation, be required to create a client record in accordance with section 9.2 of the Standards of Professional Conduct, 2017. Even if, by virtue of the administrative arrangements, the client is also a client of the agency and agency is the Health Information Custodian, the definition of client in the Standards is applicable:
Client: an entity receiving psychological services, regardless of who has arranged or paid for those services. A client can be a person, couple, family or other group of individuals with respect to whom the services are provided. A person who is a “client” is synonymous with a “patient” with respect to the administration of the Regulated Health Professions Act (1991).
If involvement in a case was limited only to discussing the client with the clinician providing the direct client care, it is more likely that the consultation met the definition provided in the Standards: Consultation: the provision of information, within a relationship of professionals of relatively equal status, generally based upon a limited amount of information that offers a point of view that is not binding with respect to the subsequent professional behaviour of the recipient of the information.
If acting as a consultant, as it is defined above, then the following requirements regarding contents of records apply:
9.3 Organizational Client Records
- A member must keep a record related to the services provided to each organizational client.
- The record must include the following:
a) the name and contact information of the organizational client;
b) the name(s) and title(s) of the person(s) who can release confidential information about the organizational client;
c) the date and nature of each material service provided to the organizational client;
d) a copy of all agreements and correspondence with the organizational client; and
e) a copy of each report that is prepared for the organizational client.
Even though the phrase “nature of” each material service, is not defined above, most prudent members record enough information to indicate the nature of the problem discussed and the nature of advice given.
Standard 9.4 provides the record retention requirements with respect to organizational records:
2) The organizational client record must be retained for at least ten years following the organizational client’s last contact. If the organizational client has been receiving service for more than ten years, information contained in the record that is more than ten years old may be destroyed if the information is not relevant to services currently being provided to the client.
We’ve heard about this incorrect position from enough people to assume that, at some time in the past, it must have been promulgated widely. While the legislation permits one to refuse access to personal health information in some limited circumstances, including raw data from psychological tests, it does not prohibit one from allowing access to it. In many cases, it is expected that raw data will be provided, even with non-members.
A list of exceptions to the right of access to personal health information can be found in section 52 of the Personal Health Information Protection Act (PHIPA), 2004. Most of the exceptions relate to the expectation of serious risk associated with the disclosure.
Members who have insufficient cause to withhold raw data may have concerns about the risk of releasing the information to those who are not sufficiently trained to interpret it. In such cases, members are advised to attach a statement to the raw data indicating that raw data from standardized tests can lead to incorrect conclusions, and that this information should only be interpreted by those who are regulated psychological service providers with adequate training and experience in the interpretation of test results.
Detailed further information about the release of raw data can be found on the College’s Professional Practice FAQ pages.
It is a client’s right to decide who their personal health information may be shared with, subject to some exceptions set out in the Personal Health Information Protection Act (PHIPA), 2004. The Office of the Information and Privacy Commissioner of Ontario has published some helpful information about the Circle of Care, a colloquial term describing how one may rely on implied consent and the Lock Box, the colloquial language used to describe how a client may limit what can be shared where one could ordinarily have relied upon implied consent. All members who have not yet reviewed these documents, should familiarize themselves with these concepts and rules.
While there may be an argument that a member is not technically violating PHIPA if they provide information based upon implied consent, it isn’t really in the spirit of the legislation to do so, particularly if one believes a client who understood their rights, might capably choose to limit disclosure of their personal health information.
If there is reason to believe that a client would not want their personal health information shared, even if they have not sought to have the information ‘placed in a lock box’, one should consider the impact of sharing the information on the therapeutic alliance or on the client’s trust of other health care professionals, if the client believes their privacy has not been respected.
This question has been answered by the Office of the Information and Privacy Commissioner of Ontario and can be found in the Frequently Asked Questions; Personal Health Information Protection Act September 2015, on page 31 of the document.
The answer reads as follows:
Yes. PHIPA permits the disclosure of personal health information without consent, if permitted or required by another law. For example, this means that PHIPA does not interfere with the Workplace Safety and Insurance Act (Act), where that Act requires a hospital or health facility, which provides health careto a worker claiming benefits under the insurance plan, to give the WSIB such information relating to the worker as the WSIB may require. This requirement also applies to a health care practitioner who provides health care to a worker or is consulted with respect to a worker’s health care. When requested to do so by an injured worker or the employer, the Act requires a health care practitioner treating the worker to give the WSIB, the worker and the employer prescribed information concerning the worker’s functional abilities.
Most of the queries we have received related to this problem have been asked in the context of an individual who is transgender, where a client may be capable of making their own decisions may not be in a position to effect a legal name change, due to age or an institutional or family situation. Ideally, such issues should be discussed as part of the informed consent process, as early as possible and preferably before beginning the assessment. If the client agrees to have both their legal and preferred names in the report, that would avoid any confusion to readers of the report with respect to who the report is about. If the client does not provide permission to note both names and there is a need to include the client’s non-preferred name, or to indicate that the name used in the report is not the same as the client’s legal name, this will require careful navigation, in order to protect the client’s dignity and to avoid making a potential misrepresentation. In such a case, it would be prudent to obtain independent legal advice before proceeding.
When addressing issues related to a trans person’s identify, the Ontario Human Rights Commission provides the following guidance:
- Preventing discrimination because gender identity and gender expression – 9 reasonable bona fide requirements
2. Preventing discrimination because gender identity and gender expression – 7 forms of discrimination
3. Preventing discrimination because of gender identity and gender expression – preventing and responding to discrimination
This article, by the APA provides some guidance for how to determine when treating two ‘related’ individuals could become problematic.
In summary, the decision about whether or not to take on individual clients who are related either through family, friendship or are involved with each other in any other way will depend on a critical evaluation of the circumstances, nature of that relationship and the potential for cross involvement at any time.
We recognize that ‘word of mouth’ is often how clients find their therapists, so it is likely that many members have clients who know each other. Each situation will likely present different risks and degrees of risk. When separately treating individuals who are friends with each other, there is a possibility that one client may want to discuss the other client for a variety of possible reasons. This could be problematic if the information they want to share is related to the issues you are treating the other person for and that information may be relevant to your formulation of the other case, regardless of whether or not it is verifiable information. In other words, this could be seen as a problem with respect to protection of both confidentiality and objectivity. Working with clients who you know to be friends with each other should be avoided whenever possible due to the complications that can arise. and increase the possibility that you may contravene the following Standards of Professional Conduct:
8.1 Collection, Use and Disclosure
Members are responsible for ensuring that consent is obtained with respect to the collection, use and disclosure of personal information and personal health information in a manner required by legislation applicable to the relevant service.
10.5 Freedom from Bias
Members must provide professional opinions that are clear, fair and unbiased and must make best efforts to avoid the appearance of bias.
13.1 Compromised Objectivity, Competence or Effectiveness Due to Relational Factors
Members must not undertake or continue to provide psychological services with an individual client when their objectivity, competence or effectiveness is, or could reasonably be expected to be, impaired. This could be due to the members present or previous familial, social, sexual, emotional, financial, supervisory, political, administrative, or legal relationship with the client or a relevant person associated with the client. This prohibition does not apply if the services are delivered to an organizational client and the nature of the professional relationship is neither therapeutic nor vulnerable to exploitation.
This article, published by the American Psychological Association provides an example of the difficulties which could arise when treating two ‘related’ individuals could become problematic.
A decision about whether to take on individual clients who are related either through family, friendship or are involved with each other in any other way will depend on a critical evaluation of the circumstances, nature of that relationship and the potential for cross involvement at any time. While treating individuals who are associated with each other is not strictly prohibited, if the community is large enough, it would be better to find another practitioner who would not be in such a potentially challenging situation.
While the College Standards set out the minimum length of time for record retention, there are no rules against keeping information indefinitely. It is not advisable though, to keep information which is not likely to be useful any longer than one needs to, due to the risks associated with unauthorized access to any record.
It’s our understanding that many members do keep a log of the files they have destroyed, with information such as you have outlined in your question. It is important to know that the information in such a record is considered Personal Health Information and that these lists themselves are subject to the same privacy legislation and Standards as the records themselves were, because they identity individuals who have received health care. If you do decide to keep such a record you might also consider including the date of destruction
The first thing to do in this situation is make a decision about whether the client has the capacity to give direction concerning the release of their personal health information. As you likely know, capacity is not directly tied to IQ scores and must be made solely on the “understand and appreciate” test which is explained in section 21 of PHIPA. It’s important to note that the threshold for capacity is lower with low-risk decisions. The understand and appreciate test was constructed for a wide range of situations covering all of the health professions and for a wide range of situations with more complex information and higher risk decisions to be made, like invasive surgeries.
If the client is not capable of making the decision regarding parental access to the assessment results, it might be better not to give the client the false impression that they have control here and then ignore their wishes if they are deemed incapable and parents are eligible to act as substitute decision makers. Even in situations like this, it is still important to involve an incapable person in the process to the extent possible.
If the client has an understanding of what the relevant information is and means, and also has an understanding of the consequences of sharing or not sharing the information, or in other words is found to be capable, then based upon your own clinical judgment, it could be very helpful to engage the three of them in discussion, with the client’s capable consent, of course.
If the client is not capable, the client would have the right to appeal the decision by the Consent and Capacity Review Board.
Having a discussion with the parents about how to deal with the results, without disclosing the results, would also require the consent of the client and this would require a determination of whether the client has the capacity to grant consent to that. This is a different decision, with perhaps a lower threshold for capacity, than the decision to share the actual results. If the client is capable of granting consent to a discussion of that nature, it could possibly help identify a helpful path forward.
This is a difficult situation. If you agreed to such a request, please contact the Quality Assurance team at the College. Depending on the circumstances, they will do their best to assist in finding a creative solution.
The College has the authority to obtain a file in the absence of client consent. This is set out in legislation and is non-negotiable. In obtaining consent to collect personal health information, which must be done before collecting the information, it is important to avoid giving the false impression that the client has any control over whether the College exercises it’s legislated duty to obtain information in procedures designed to protect the public interest, in this case, to ensure that members are practicing competently and ethically.
While it is understandable that clients want to have control over who has access to what is often their most private information, careful framing of the issue may be help avoid at least some difficulties of this nature. It may be best to let clients know that in order to provide the services they are seeking, you must maintain a file in accordance with the College’s requirements (available on the College’s website) and that, while you will protect their confidentiality where client consent is required before disclosing their personal health information, there are some situations, legislation mandates disclosure, even in the absence of consent. This is the case when review of information is required in order to protect clients and others from harm. In other words, the question is: do you agree to engage in services with the knowledge that I must keep a clinical record and that in rare circumstances the law allows access to the file without consent. It may also help to advise that this applies to any service by a regulated health professional in Ontario who is practicing ethically and lawfully.
You may also like to know that the College and all of it’s agents and staff have a strict duty of confidentiality and that in Quality Assurance matters, where the College Assessor and Reviewer may have access to the client’s identity, the College staff and Committee members reviewing the results of a Quality Assurance procedure are not given any identifying information about the clients whose files have been reviewed. The focus of the procedure is the registrant and whether the review indicated that the registrant is practicing competently and ethically.