Practice Notes is an educational tool designed to help Ontario social workers, social service workers, employers and members of the public gain a better understanding of recurring issues dealt with by the Professional Practice Department and the Complaints Committee that may affect everyday practice. The notes offer general guidance only and College members with specific practice inquiries should consult the College, since the relevant standards and appropriate course of action will vary depending on the situation.
Confidentiality is a cornerstone of social work and social service work practice. When clients meet with a member of the College, they can be assured that, within certain limits, their personal information will be kept private, and not disclosed without their knowledge and consent. This legal and ethical responsibility also builds trust and rapport, and creates a safe environment in which clients are able to discuss personal and often difficult issues.
There are circumstances, however, when members may disclose client information, with or without their consent. In scenarios where clients have provided their consent, members are well equipped to share their personal information with others; however, there are limits to confidentiality which may permit or require members to disclose clients’ information without consent. While these limits may be clear in some scenarios, they may be more ambiguous in others; members may be unsure about their obligations around reporting and disclosure.
Members’ reporting and disclosure decisions must be grounded in the Standards of Practice, which state that:
College members comply with any applicable privacy and other legislation. College members obtain consent to the collection, use or disclosure of client information including personal information, unless otherwise permitted or required by law.
While disclosing client information with consent is usually a straightforward process, members may not be as familiar with all of the circumstances in which they are permitted or required to disclose client information without consent.
Members must ensure that they inform clients of the limits to confidentiality at the outset of service. At times, it may be challenging for members to understand what those limits are. The Standards of Practice state that:
College members inform clients early in their relationship of the limits of confidentiality of information. In clinical practice, for example, when social work service or social service work service is delivered in the context of supervision or multi-disciplinary professional teams, College members explain to clients the need for sharing pertinent information with supervisors, allied professionals and paraprofessionals, administrative co-workers, social work or social service work students, volunteers and appropriate accreditation bodies. College members respect their clients’ right to withhold or withdraw consent to, or place conditions on, the disclosure of their information.
Informing clients that their personal information may be disclosed to team members and other professionals involved in their case is not the only limit to confidentiality that members must discuss with clients early in the professional relationship. The topic of initial client conversations is more fully explored in the Practice Note, “Setting the Table” – Issues to Consider When Initiating Client Conversations.
Members must consider other interpretations in the Standards of Practice, as well as privacy and other relevant legislation when considering whether or not to disclose client information without consent. This article is not intended to be an exhaustive review of all the issues surrounding members’ disclosure and reporting obligations. Rather, it describes a number of practice scenarios that have come to the attention of the Professional Practice Department, in order to highlight the relevant Standards of Practice and assist members in understanding their professional obligations. Members may also wish to consult previous Practice Notes on this topic:
- Meeting Professional Obligations and Protecting Clients’ Privacy: Disclosure of Information Without Consent
- Confidentiality and Disclosure of Information without Client Consent
When reading the scenarios below, members are encouraged to view the links in the footnotes in order to access further information and resources.
Scenario 1 – Duty to warn/duty to protect
A member contacted the Professional Practice Department to discuss whether or not they were required to report information they had heard from a client in the course of a session. The client disclosed that they had a friend who had been expressing suicidal and homicidal ideation. The member was unsure whether or not they had any reporting obligations with respect to their client’s friend.
In this scenario, the member was unsure of the appropriate course of action, given that the person to whom the potential disclosure of information related was not their client; furthermore, the disclosure of this information to the appropriate authorities would also involve disclosing their client’s information.
Whenever a member is considering whether to disclose client information without the client’s consent, they should obtain legal advice; this may be available through their professional liability insurance provider or through their workplace. Members should also consider whether it is appropriate and necessary to consult with a supervisor, the risk manager or the privacy officer at their organization.
In some circumstances, members may have a common law “duty to warn” or a “duty to protect.” The “common law” refers to the law developed by judges on a case-by-case basis, through legal precedents or decisions, rather than requirements arising from statutes or legislation.
A duty to warn or a duty to protect may exist when there is information suggesting that:
- the client poses a risk to an identifiable person (including themselves) or group of people;
- the risk of harm includes bodily injury, death or serious psychological harm; and
- the risk is imminent. In order to meet this threshold, the risk must be real, severe and imminent.
When considering these situations, members should obtain legal advice as recommended above, since the existence of a duty to warn or protect is a question of law.
In the scenario described above, the member determined, after obtaining legal advice and consulting with their supervisor, that the threshold to report had not been met as it was the client’s friend, and not the client, who posed a potential risk. The member worked with the client to develop a safety and support plan that would assist them and their friend, and which identified resources, supports and strategies that the client could use, if necessary.
Scenario 2 – Reporting the sexual abuse of clients by other professionals
A member contacted the College because their client had disclosed to them that they had had a sexual relationship with their physician. The member was unsure about whether they were required to make a report to the physician’s regulatory body.
Social workers and social service workers in Ontario are regulated under the Social Work and Social Service Work Act, 1998 (SWSSWA), while more than 25 health professions are regulated under the Regulated Health Professions Act, 1991 (RHPA). All health professionals regulated under the RHPA must report to the appropriate regulatory body when they have reasonable grounds (obtained in the course of practising their profession), to believe that another professional regulated under the RHPA has sexually abused a client. This obligation exists even when the reporter is a member of a different health profession from the alleged abuser.
By contrast, under the SWSSWA, College members are required to file a report with the College if they have reasonable grounds to believe that another social worker or social service worker has sexually abused a client. Members are also required to file a self-report if they have been convicted of a criminal offence involving sexual conduct.
Members of the College do not have a mandatory reporting obligation with respect to health professionals regulated under the RHPA. Therefore, in the scenario above, the member did not have an obligation to report the physician to the College of Physicians and Surgeons of Ontario. The situation may be impacted by the fact that a member belongs to a multi-disciplinary team which includes health professionals regulated under the RHPA. Members who are part of a multi-disciplinary team routinely share information with their other team members, at team rounds, for instance. If the member were to share this client information in the context of their multi-disciplinary team, a practice which is addressed by the Standards of Practice, the professionals regulated under the RHPA may be required to review their own reporting obligations.
If a College member who does not belong to a multi-disciplinary team as described above were to become aware that a professional regulated under the RHPA was sexually abusing a client, they may wish to consider other options such as supporting the client to self-report to the appropriate regulatory body, making a report on the client’s behalf with the client’s consent, or reporting the information while withholding the client’s name and identifying information.
Scenario 3 – Reporting obligations under the Child, Youth and Family Services Act, 2017 (CYFSA) – historical sexual abuse
A member called the College’s Professional Practice Department to consult about an adult client who had disclosed that they were sexually abused by an adult when they were a child. The client had indicated to the member that they did not think that the alleged abuser had access to children currently, but could not say for sure that this was the case. The member understood that they were not required to report the historical sexual abuse to the Children’s Aid Society (CAS), but they were unsure if they were required to make a report to the police. The member also wondered if they should indicate to the CAS that they were not sure if the alleged abuser had current access to children.
Most members are quite familiar with their reporting obligations under the CYFSA, which impose a duty to report on any person, including those who perform professional or official duties with respect to children (including social workers and social service workers) if they have reasonable grounds to suspect that a child is in need of protection.
While the duty to report under the CYFSA may seem straightforward, scenarios such as the one described above can be quite complex.
The member was advised by Professional Practice staff to reflect on Principle II: Competence and Integrity, Interpretation 2.1.3, which states that “College members maintain current knowledge of policies, legislation, programs and issues related to the community, its institutions and services in their areas of practice.” Upon review of this interpretation, the member noted that they were not aware of any legislation that would require them to report this information to the police. The member also realized that they did not have the client’s consent, so reporting this information to the police would therefore be a breach of the client’s confidentiality. The member determined that they would further explore this issue with their client and offer to support them if they wished to make such a report.
The member then raised the question of whether or not they should provide information about the client’s alleged abuser to the CAS, without disclosing identifying information about the client. The member told Professional Practice staff that they had explained this potential limit to confidentiality to their client, because if the alleged abuser had current access to children, they would have reasonable grounds to suspect that a child was in need of protection on the basis of the historical sexual abuse.
As in the previous scenarios, Professional Practice staff advised the member to obtain legal advice and to consult with their supervisor in order to make a decision regarding their duty to report. The member also decided to contact the intake department at the CAS to find out if they could provide information about the alleged abuser without naming their client; the CAS would then be in a position to decide if this case met their criteria for investigation.
Scenario 4 – Reporting obligations under the CYFSA – clients aged 16 or 17
The Professional Practice Department was contacted by a College member who was working with a 16-year-old client. The member reported that they had reasonable grounds to suspect that this client was in need of protection, but was unclear about their reporting obligations with respect to a client of this age.
As discussed above, members have a duty to report under section 125 of the CYFSA; this duty to report does not apply to a child who is 16 or 17 years of age, however. With respect to reporting requirements for older children, section 125 subsection 4 indicates that a duty to report does not apply to older children, but a person is permitted to make a report in respect of a child who 16 or 17, if they have reasonable grounds to believe that they are in need of protection.
Members should be aware that the CYFSA takes into consideration that a different approach is needed for youth aged 16 and 17, and focuses on protecting them and encouraging their voluntary participation in service. If in the course their practice, a member was to encounter a 16- or 17-year-old who was in need of protection, and the client did not voluntarily agree to a report being made, the member would need to apply their professional judgment in deciding whether or not to make a report.
In light of this information, the member in the scenario above decided to speak to their client about contacting the CAS voluntarily to discuss their situation; if the client were to decide to take this step, the member would offer them support, resources and advocacy throughout and after the reporting process.
Scenario 5 – Reporting obligations under the Personal Health Information Protection Act, 2004
A member in private practice contacted the Professional Practice Department to discuss next steps in relation to a privacy breach. They explained that they had accidentally sent information about one client to another client. The member stated that this happened because they had started to type the email address of the intended recipient, and inadvertently clicked on a similar email address that automatically populated the field from their online address book.
This scenario – which is typically very upsetting for members and for affected clients – has been the subject of an increasing number of calls to the Professional Practice Department in recent years. Under the Personal Health Information Protection Act, 2004 (PHIPA), there are required steps for members to take in this situation.
In the event of a health privacy breach, a health information custodian (HIC) is required under PHIPA, with limited exception, to notify the affected client at “the first reasonable opportunity” of the theft or loss of their personal health information. HICs must advise their client of the right to file a complaint with the Information and Privacy Commissioner of Ontario (Privacy Commissioner).
Members who work for organizations that are HICs, like hospitals, are required to notify their organization at “the first reasonable opportunity” if they were responsible for personal health information that was lost, stolen, used or disclosed without authority.
In certain circumstances, members are required to report health privacy breaches to the Office of the Privacy Commissioner. Members may contact the Privacy Commissioner to consult and determine whether or not this requirement applies to their specific situation. It is also advisable for a member to obtain legal advice and to document how they have met the steps described above.
The member in this scenario was understandably shaken, however they felt somewhat reassured once they understood the steps required of them, and had a plan to address the breach. The member stated that they would notify their client immediately about what had happened, and inform them of their right to file a complaint with the Privacy Commissioner. The member also decided to obtain a legal opinion and contact the Privacy Commissioner to determine if they were required to report. The member was reminded to document all of the steps they had taken, including who they had consulted with and the information that they had been given, in case they were ever asked about their actions.
Members’ decisions to disclose client information without consent must be made after a careful review of the Standards of Practice and relevant legislation. Members must also ensure that they have explained the limits of confidentiality to their clients. Some reporting obligations are mandated by legislation. Members may also be permitted through legislation or the common law to disclose client information in the interest of safety. In any of these scenarios, members should obtain a legal opinion and consult with a supervisor or others within their organization to assist them in better understanding their professional and legal obligations and in making sound and ethical decisions.