What is confidentiality in health care?

Download PDF Print

PDF download is not available for Arabic and Urdu languages at this time. Please use the browser print function instead.

Learn more about confidentiality and your rights when it comes to sharing your personal health information (PHI).

Key points

  • Confidentiality means to keep information private.
  • By law, your personal health information (PHI) is confidential and cannot be shared with others without your permission.
  • Some information may have to be reported to the proper authorities if it is related to your safety and the safety of others.
  • Health-care providers involved in your care are allowed to discuss your PHI with each other.
  • At any time, you may request your PHI be placed in a locked box. This means your information may only be accessed and shared by health-care providers with your consent.

Confidentiality: Keeping your information private

Confidentiality means to keep something private. For example, you may tell your best friend that you have a crush on someone and ask them to keep that information private or in confidence. This means you do not want your friend to tell anyone else.

When it comes to your personal health information (PHI), health-care providers have to follow a set of laws that specify that your health information cannot be shared with others without your permission. These laws also specify information that cannot be kept private by a health-care provider for safety reasons.

Personal health information

In general, all of your health-care providers, including doctors, nurses, pharmacists etc., must keep your PHI private. PHI includes things such as your name, birthday, upcoming appointments, medical history, medications, and lab results.

In Ontario, any person who is capable of making decisions about their health has the right to keep their PHI private. For people who are not capable of making their own health care decisions, such as babies or young children, their PHI can only be shared with their substitute decision makers, usually their parents or caregivers. As a teenager who is becoming more mature and more capable of making your own decisions, know that health-care providers are not allowed to share your PHI with anyone else without your permission. This includes your parents/caregivers! There are some exceptions to this rule. There are some special circumstances under the law where a health-care provider cannot keep information private or may be allowed to share your PHI with another health-care provider.


Some information cannot be kept private

Under the law, there is some information that your health-care providers cannot keep confidential, even if you ask for the information to be kept private. Health-care providers have a duty to protect you and to protect other people; so, information related to your safety and the safety of others may have to be reported to the proper authorities. This is called a duty to report.

In Ontario, if you are 16 years old or younger, health-care providers are required to report the following information to child protective services:

  • if you say that you are going to seriously hurt yourself
  • if you say that you are going to seriously hurt another person
  • if you say that someone is hurting you, for example, physically or sexually abusing you

In Ontario, for all people over the age of 16, health-care providers are required to report to the authorities:

  • if you say that you are going to seriously hurt yourself
  • if you say that you are going to seriously hurt another person

Similarly, a health-care provider is required to make a report to the Ministry of Transportation for anyone who has a condition that may make it unsafe for them to drive. This may include a medical condition, such as epilepsy, or a mental health condition, such as a substance use disorder.

Circle of care and the lockbox

Health-care providers are allowed to share your PHI with other health-care providers who are caring for you. For example, you may see a nurse and a doctor in the same clinic. They are allowed to discuss your health information with each other because they are both providing care to you. This is called the circle of care. The circle of care allows your PHI to be shared between health-care providers who are providing care to you, without needing your consent every time information needs to be exchanged. If a health-care provider is not directly providing care or a health service to you, the nurse and doctor are not allowed to share your information with them because they are not in your circle of care.

Sometimes, your PHI may be stored in electronic provincial databases that can be accessed from different institutions. Even though your information can be viewed from multiple places, only the health-care providers in your circle of care can retrieve your PHI from these provincial databases. If your information is stored in separate institutional databases, health-care providers will need your consent before sharing your PHI between them. For example, if you see a specialist in a different clinic and they request records from your family doctor or regular pediatrician, they can only obtain your records with your permission. Usually, you will be asked to sign a form called a release of information form, which gives permission for your health-care provider to get your records from another health-care institution.

You can block health-care providers from sharing your information even within your circle of care. At any time, you can request any portion of your PHI to placed in a lock box. PHI within a lock box can only be accessed by health-care providers with your consent. Any person in Ontario who is capable of making their own health-care decisions may put any part of their PHI in a lock box. The only time when a health-care provider can access information in a lock box without your permission is in an emergency.

Last updated: November 10th 2021