Skip to main content

PHP Confidentiality Policy

Record keeping confidentiality and disclosure of personal health information policy

The Physician and Professionals Health Program (PHP) of the Ontario Medical Association is a confidential service. The purpose of this policy is to guide the PHP’s record keeping, confidentiality and disclosure of personal health information practices.


Caller is defined as anyone who communicates with the PHP seeking assistance.

Health Professional refers to those individuals eligible for PHP clinical services and includes physicians, residents, medical students and any health professional for whom the PHP has a Memorandum of Understanding with his or her regulatory College and/or professional association.

Monitoring refers to participation in a PHP monitoring program through a contractual agreement by an eligible health professional.

Formal Referral is a referral by the PHP for inpatient or outpatient treatment or an independent clinical assessment.

PHP Clinical Team includes the PHP Medical Director, the Associate Medical Director(s), and Case Managers.

Record Keeping:

A record will be created for every caller who contacts the PHP. Callers who wish to remain anonymous will have a record kept under an anonymous label.

All information obtained from a caller will be handled in accordance with the Personal Health Information Protection Act, 2004 (PHIPA).

The PHP retains its clinical records for a minimum of 15 years from the date of last activity. Records are stored securely in accordance with PHIPA.

Following a period of 15 years, the clinical record may be destroyed.


Callers may remain anonymous and still receive many PHP services, including referral to community services. However, the Health Professional’s name is required in order to receive the following services from the PHP: formal referral, a letter documenting contact with the PHP, direct intervention (see Direct Intervention Policy), or monitoring.

When someone calls with concerns about a Health Professional, the caller will not be encouraged to reveal the name of the Health Professional unless necessary.

In the event of someone calling about a Health Professional and the Health Professional’s name is provided, the information obtained by the PHP could be accessed by the Health Professional who is the subject of the call, in accordance with the PHIPA.

PHP Clinical Team members routinely share information obtained from callers with each other in order to provide the best possible service.

Electronic Communication:

Callers contacting the PHP may choose to communicate with the PHP via electronic means, such as email and video conferencing. There are inherent risks to confidentiality, privacy and security with the use of these forms of communication.

The PHP cannot control or limit individuals from contacting it via email and assumes no risk for the content of others’ emails. When responding to an email request, the PHP will assume that there is implied consent by the sender for the PHP to respond via email even though no email communication is secure. Monitored health professionals may be asked to sign a consent form to use email communication or video conferencing.

A record will be kept of all communication received or sent via email to the PHP. This information will be added to the personal health record kept by the PHP on every person contacting the PHP for assistance, including anonymous contacts. As such, communications will be kept in these personal health records, and they will be subject to the confidentiality and privacy requirements of the PHIPA. By signing PHP consent to use email communication or video conferencing, individuals acknowledge that they are aware of the risks inherent in the use of these forms of communication and agree to assume those risks. This consent may be cancelled at any time in writing.

Recognizing the growing use of email communication in health care, several of the regulatory authorities (Colleges) have issued policies regarding the use of email communication. Health professionals are encouraged to consult their respective regulatory authority for further guidelines in using email communication.

Social Media:

The term “social media” refers to web and mobile technologies and practices that people use to share content, opinions, insights, experiences and perspectives online. There are many prominent examples of social media platforms; including Facebook, Twitter, YouTube, and LinkedIn, among many others. It should be assumed that all content on the internet is public and accessible to all.

The PHP has a responsibility to maintain the privacy and confidentiality of individuals seeking its services and to maintain appropriate professional boundaries. PHP staff will not create online social connections with health professionals monitored by the PHP.


The PHP will not communicate about a caller with anyone other than the caller unless the PHP is in receipt of a signed consent. This includes communication with a regulatory authority governing a health professional or the party who referred a Health Professional to the PHP.

Health Professionals who enter into a monitoring program with the PHP consent to the communication and exchange of information between all individuals and institutions as stipulated in his/her contract. Monitored Health Professionals who are non-compliant with the relevant monitoring policy, or the PHP’s Work Interruption and Return to Work Policy or Premature Termination Policy may be reported directly to the appropriate regulatory authority.

There are circumstances under which the PHP may disclose personal health information without consent as per PHIPA. These exceptions to confidentiality include the following:

  •  As required by court order, subpoena, summons or coroner’s warrant
  •  Disclosure related to risks

While there is no specific legislation dealing with one’s obligation to intervene or to warn if there is a significant risk of serious physical harm to self or others, members of the PHP Clinical Team will follow the guidelines as suggested for physicians by the College of Physicians and Surgeons of Ontario’s policy statement (#8-05), which states, “…a physician may disclose personal health information about an individual if the physician believes, on reasonable grounds, that the disclosure is necessary to eliminate or reduce a significant risk of serious bodily harm to a person or group of persons.”

The disclosure may be made to 911 or other emergency service and in some instances, to the intended victim(s).

Statutory Mandatory Reporting Requirements:

Child and Family Services Act

During the course of communication with a caller, or at any time during contractual monitoring of a health professional, if a member of the PHP staff has “reasonable grounds to suspect that a child falls into one of 13 categories set out in subsection 72(1) of the Child and Family Services Act”, the staff member must report the suspicion and the information on which it is based to a CAS immediately.

Highway Traffic Act

Members of the PHP Clinical Team who are legally qualified medical practitioners are required to report to the Registrar of Motor Vehicles
 “the name, address and clinical condition of every person sixteen years of age or over attending upon the medical practitioner for medical services who, in the opinion of the medical practitioner, is suffering from a condition that may make it dangerous for the person to operate a motor vehicle (HTA, Section 203 (1)).

Regulated Health Professions Act, 1991

A member of the PHP Clinical Team who is governed by one of the health professional regulatory Colleges has a mandatory obligation to report information received regarding the sexual abuse of a patient by a regulated health professional, to the appropriate College of the regulated health profession, within 30 days of receipt of that information.

Health Protection and Promotion Act

A member of the PHP Clinical Team who is a regulated health professional has an obligation to report information to the Medical Officer of Health should they form the opinion that a caller may have a reportable disease or the person may be infected with the agent of a communicable disease.

In the event that a situation is encountered where the treating physician of the caller has not reported and the caller is a health professional, it may be necessary for the PHP Clinical Team member to inquire about the scope of the health professional’s practice and the precautions which are being undertaken to protect patients. In this situation, the Medical Director will be notified and the case reviewed on an expedited basis.