Privacy and Confidentiality

As regulated health care professionals in Ontario, RDs have a responsibility to maintain the privacy and confidentiality of all client health information obtained within their dietetic practice. 


Privacy is a much broader concept than confidentiality. Privacy involves not only disclosing personal information, but also limiting when and how it is collected and used. Privacy principles reinforce the concept that personal health information belongs to the client, not the practitioner. The practitioner acts as a trustee, holding the information only for the benefit of the client.
Privacy requires RDs to:
  • Identify why personal information is collected;
  • Obtain consent to collect, use and disclose the information in most cases;
  • Develop a comprehensive privacy policy;
  • Safeguard the information effectively; and
  • Give clients the right to access and correct any errors in their information.
There are two main pieces of legislation that dictates the privacy requirements for RDs:
  1. Personal Health Information Protection Act (PHIPA), 2004 - most relevant to the collection, use and disclosure of personal health information; and 
  2. Personal Information Protection and Electronic Documents Act (PIPEDA), 2004 – most relevant for non-health aspects of an RD’s business (e.g., an RD who has a business conducting speaking tours).


One of the highest obligations required of an RD is to maintain information (in particular, client health information, in confidence. Without confidentiality, clients will not be forthcoming or trust their health care providers with the very private and personal information necessary for their care.
The duty of confidentiality applies to all information obtained about a client in the course of an RD’s professional duties. Ordinarily, an RD will require a client's consent, whether express, verbal or implied, to disclose information to others. Only in rare cases, will an RD have a legal obligation to disclose client information, even without consent (e.g., mandatory reporting obligations and where there is a duty to warn). The Personal Health Information Protection Act, 2004, further reinforces an RD's duty of confidentiality.