There are federal and provincial laws on privacy governing private health care practitioners in Ontario. Every private health care practitioner who is in independent practice should be aware of the Personal Information Protection and Electronic Documents Act (PIPEDA) and the Health Care Consent Act. Everyone who has a private, independent practice will need to have the following documents on file:

  • A full privacy policy, and an appointed privacy officer (Christina Crowe, for Dig A Little Deeper, Psychotherapy & Counselling).
  • A brochure or outline of the information contained in this document, available to clients (in our case, linked to on our website). This information needs to on to them in “user-friendly” language; and
  • A consent/confidentiality agreement, signed by the client, indicating that they have read, understood and have agreed to the contents.

The Information and Privacy Commissioner of Ontario is responsible for overseeing and enforcing the following provincial access and privacy laws:

  • Freedom of Information and Protection of Privacy Act, Ontario’s provincial public sector privacy law;
  • Municipal Freedom of Information and Protection of Privacy Act, Ontario’s municipal public sector privacy law;
  • Personal Health Information Protection Act, 2004, Ontario’s privacy law relating to health records that has been that has been deemed “substantially similar” to the federal private sector privacy law with respect to health information custodians.


Confidentiality is also an important legal concept that applies to all regulated health professionals, including Registered Psychotherapists. The Personal Health Information Protection Act, 2004 (PHIPA) establishes the rules relating to confidentiality and privacy of personal health information in Ontario. PHIPA requires that personal health information be kept confidential and secure. 

Please note, in accordance with PHIPA (Ontario’s Personal Health Information Protection Act) the consent must be signed by the patient if they are 12 years of age or older. Parental consent is accepted if the patient is less than 12 years of age, or is incapable of consenting. If there is a conflict between the child and the parent, the capable child’s decision prevails with respect to consent. 




Dig A Little Deeper, Psychotherapy and Counselling (DALD) and members of the DIG Team manage a number of social media accounts for the purposes of providing free and accessible educational content & resources for the general public and to advertise services provided by Dig A Little Deeper.  The information provided and any engagements made with that information, or DIG Team members through social media, does not reflect a therapeutic or professional relationship.  Further, the information provided is implemented by readers at their own risk and is not considered a substitute for psychotherapeutic treatment for serious conditions. 

Dig A Little Deeper, Psychotherapy & Counselling and members of the DIG Team do not routinely monitor social media and these channels are used mostly for broadcast purposes only. Thus, viewers are informed that they should not attempt to contact Dig A Little Deeper, Psychotherapy & Counselling Team members through social media channels.  Viewers should not share confidential health information for their own privacy interests in comments or by direct messaging (DM). Therapists will generally not be able to provide any direct feedback, and may not reposed to DM’s entirely. Instead, current or future clients may wish to contact our office to engage in ongoing support needs. If a reader is in crisis, they are directed to attend their local emergency room or urgent care to seek assistance.

Finally, readers should be aware that following the social media accounts of Dig A Little Deeper, Psychotherapy & Counselling and members of the DIG Team, may inadvertently compromise your privacy by no action of this office (if others can view who ‘followers’ are).  Readers should be aware that their peers and the public are able to view which social media channels an individual follows or subscribes to.

OUR PERSONAL PROFILES We cannot ethically accept ‘friend’ or contact addition requests from current or former clients on any of our personal social networking sites.  Adding clients as friends or contacts on these sites can compromise your confidentiality and our respective privacy.  It may also blur the boundaries of our therapeutic relationship.  If you have questions about this, please bring them up when we meet and we are happy to talk more about it.


You may find our practice on sites such as Google Maps, Bing, Google search, or other places which list businesses.  Some of these sites include forums in which users rate their providers and add reviews.  Many of these sites comb search engines for business listings and automatically add listings regardless of whether the business has added itself to the site.  If you should find our listing on any of these sites, please know that our listing is NOT a request for a testimonial, rating, or endorsement from clients.  This might be a compromise to your privacy and confidentiality, and our Code of Ethics also prohibits the publication of ‘endorsements or testimonials’. 

If we are working together, we hope that you will bring your feelings and reactions to our work directly into your therapy session.  None of this is meant to keep you from sharing that you are in therapy with us wherever, and with whomever, you like.  Confidentiality means that we cannot tell people that you are our client.  But you are more than welcome to tell anyone you wish that any of us are your therapist or how you feel about the treatment we provided to you, in any forum of your choosing.

If you do choose to write something on a business review site, we hope you will keep in mind that you may be sharing personally revealing information in a public forum.  We urge you to create a pseudonym that is not linked to your regular email address or friend networks for your own privacy and protection.

PIPEDA’S 10 fair information principles

PIPEDA’s 10 fair information principles form the ground rules for the collection, use and disclosure of personal information, as well as for providing access to personal information. 

Principle 1 – Accountability
An organization is responsible for personal information under its control. It must appoint someone to be accountable for its compliance with these fair information principles.

Principle 2 – Identifying Purposes
The purposes for which the personal information is being collected must be identified by the organization before or at the time of collection.

Principle 3 – Consent
The knowledge and consent of the individual are required for the collection, use, or disclosure of personal information, except where inappropriate.

Principle 4 – Limiting Collection
The collection of personal information must be limited to that which is needed for the purposes identified by the organization. Information must be collected by fair and lawful means.

Principle 5 – Limiting Use, Disclosure, and Retention
Unless the individual consents otherwise or it is required by law, personal information can only be used or disclosed for the purposes for which it was collected. Personal information must only be kept as long as required to serve those purposes.

Principle 6 – Accuracy
Personal information must be as accurate, complete, and up-to-date as possible in order to properly satisfy the purposes for which it is to be used.

Principle 7 – Safeguards
Personal information must be protected by appropriate security relative to the sensitivity of the information.

Principle 8 – Openness
An organization must make detailed information about its policies and practices relating to the management of personal information publicly and readily available.

Principle 9 – Individual Access
Upon request, an individual must be informed of the existence, use, and disclosure of their personal information and be given access to that information. An individual shall be able to challenge the accuracy and completeness of the information and have it amended as appropriate.

Principle 10 – Challenging Compliance
An individual shall be able to challenge an organization’s compliance with the above principles. Their challenge should be addressed to the person accountable for the organization’s compliance with PIPEDA, usually their Chief Privacy Officer.


Questions about privacy?

ANY questions about client privacy, should be directed to Christina Crowe, as the Privacy Officer.

Information requests from third party’s MUST have a completed Authorization to Disclose Form on file in the clients record (available from your therapist) before any communication or confirmation takes place with any outside party.