Massage Therapy Canada

Features Education Regulations
Caring for patient data makes good business sense

What you are about to read does not constitute legal advice and each reader is encouraged to seek independent professional council.

September 27, 2013  By Jessica Foster

What you are about to read does not constitute legal advice and each reader is encouraged to seek independent professional council. It is important to note that each province has similar but not identical legislation.

We have previously touched on the topic of patient records privacy in an earlier article, but some things are just worth saying twice.

Understanding how to properly care for patient personal health information is important because many Canadian registered massage therapists (RMT) are likely in breach of legislation and may not know it. Practitioners want to better understand the issues so they can ensure their compliance.

Why is this a big deal?
As the custodian of your patient’s personal health-care data, you are responsible to ensure that you and your employees, including your third-party service companies, comply with applicable federal, provincial and territorial legislations.


Personal health information includes, but is not limited to the following:

  • patient health-care appointment records
  • information relating to the current or historical state of a patient’s health
  • any treatment information that ties a patient name with their caregiver or clinic
  • billing information related to patient treatment

In today’s electronic world there is a strong focus by businesses on offset hardware, software and support costs to a third party. For RMTs, this takes the form of using online services to book appointments, keep patient records, billing information and related practice management data. This practice is highly cost-effective, time-saving, revenue-positive and safe when done correctly.

The gist of current legislative thinking is that custodians of health-care and other personal data had best get informed and become compliant. The British Columbia government has legislated safeguards of health data. Public health data stored with U.S.-owned companies, regardless of where their servers are located, are subject to disclosure under the U.S. Patriot Act. B.C. enacted laws to ensure organizations that maintain and control personal information verify it is stored only in Canada, under Canadian ownership.

If you ask your Canadian service provider to “synchronize” your patient appointment calendar to your Google personal calendar, don’t be surprised if they advise against storing your patient data on U.S.-owned servers. An RMT would need to get informed and expressed consent from each patient – explaining to patients that their records are stored on foreign-owned servers and are not protected under Canadian privacy legislation. You also need to include this disclaimer in your privacy policy and post it where it can be viewed.

It isn’t hard to imagine that a successful practice would lose patients once they have been informed that their health-care records are subject to foreign privacy laws.

Where is legislation headed?
Ontario Bill 78, the Electronic Personal Health Information Protection Act 2013, has passed its first reading and is awaiting its second. The goal of this legislation is to establish electronic record keeping, security and privacy requirements for better integration and to secure the sharing of patient data amongst professionals.

There are also requirements for health information custodians (including RMTs) with respect to obligations and penalties. In addition, it confers new powers for the Information and Privacy Commissioner. For example, for those who breach privacy legislation and are convicted, liabilities will double under the bill – up to $100,000 for an individual and up to $500,000 for an organization.

Other provinces may adopt similar changes.

To be competitive, RMTs should adopt and take advantage of online services that enhance their practice – they are secure, cost-effective and can provide you and your patients significant benefits. Just be informed and choose your service partners wisely.

Until next time, be well.

Jessica Foster writes on behalf of mindZplay Solutions Inc., a provider of massage therapy websites and practice management solutions. To learn more about mindZplay solutions for massage therapists visit or call toll free 888-373-6996.

Print this page


Stories continue below