CAP expanding to regulate counselling therapists in Alberta: what this means for you

You’re a counselling therapist in Alberta. You email clients. Maybe appointment confirmations, maybe session notes, maybe referral letters. You’ve been doing this for years without anyone asking whether your email setup meets a regulatory standard.

That’s about to change. The College of Alberta Psychologists (CAP) is expanding its scope to include counselling therapists. Once that happens, you’re regulated, which means Alberta’s Health Information Act (HIA) applies to every email you send that contains client health information.

This guide walks through the expansion, what it means for your email, and what you can do right now to get ahead of it.

What is the CAP expansion?

Right now, CAP regulates psychologists and provisional psychologists under Alberta’s Health Professions Act (HPA). Counselling therapists aren’t in that picture. The expansion changes that.

Some history. December 2018: Alberta unanimously passed the Mental Health Services Protection Act. The goal was to bring counselling therapy, addictions counselling, and child and youth care counselling under the HPA. Originally, a brand new college was planned. The Association of Counselling Therapy of Alberta (ACTA) would become the College of Counselling Therapy of Alberta (CCTA).

That didn’t happen.

March 2024: the government shifted course. CAP would absorb counselling therapists instead of standing up a separate college (CBC News, March 2024). The logic was practical. Psychologists and counselling therapists work in overlapping areas of mental health. One college, shared infrastructure. CAP and ACTA would collaborate on entry standards, competencies, and accountability (ACTA announcement).

Where things stand now

The original target was 2025. That slipped. As of late 2025, CAP was still waiting on provincial government funding to develop a code of conduct, practice standards, and education requirements for the counselling therapist category (CBC News, September 2025). ACTA is now conducting a profession wide workforce survey through Fall 2026 to demonstrate the readiness of counselling professionals in Alberta (ACTA, 2026).

No firm completion date. CAP’s registrar has stated the organization cannot provide an anticipated timeline with certainty (CAP FAQ, 2024). There are also open questions about whether addiction counsellors and child and youth care counsellors will be included (CBC News, March 2024).

But the direction of travel is toward regulation, not away from it. Alberta is following a broader Canadian trend: Ontario has regulated psychotherapists through the College of Registered Psychotherapists of Ontario (CRPO) since 2015, and BC will begin regulating psychotherapists through the College of Health and Care Professionals of BC (CHCPBC) in November 2027.

What CAP regulation means for counselling therapists’ email

This is where it gets practical.

Here’s the chain of consequences. Once you’re regulated under CAP, you become a “custodian” (or agent of a custodian) under HIA. If you haven’t encountered HIA before, it’s Alberta’s version of Ontario’s PHIPA: the law governing how health information gets collected, used, disclosed, and protected.

Custodian status comes with legal obligations for how you handle health information over email. Two HIA sections will affect your practice the most:

HIA s.60: Security safeguards. Custodians must take reasonable steps to maintain administrative, technical, and physical safeguards to protect health information. For email, “reasonable” means encryption. Sending a client’s health information over unencrypted email doesn’t meet this standard.

What counts as “reasonable” in practice? HIA doesn’t prescribe a specific encryption protocol. You assess your operational context and choose safeguards that match the sensitivity of the information you handle. For a counselling therapist emailing session notes or assessment results, that bar is high. General offence penalties under HIA s.107 reach $200,000 for individuals and $1,000,000 for organizations, with specific contravention categories carrying different ranges (HIA, RSA 2000, c H-5).

HIA s.64: Privacy Impact Assessments. Before implementing a new information system or changing one that handles individually identifying health information, custodians must submit a Privacy Impact Assessment (PIA) to the Office of the Information and Privacy Commissioner (OIPC) of Alberta. The PIA goes in before implementation (OIPC Alberta, PIA requirements). Switch email providers or add an encryption layer? PIA first.

This catches practitioners off guard. You can’t adopt a new email tool and then file the paperwork afterward. The PIA process requires you to describe how the proposed system collects, uses, and discloses individually identifying health information. OIPC reviews it before you go live.

Then there’s consent documentation. CAP’s Use of Technology guideline (updated September 2024) expects informed consent covering the risks of electronic communication, available alternatives, and the client’s right to withdraw consent at any time. Counselling therapists, once regulated, will be held to that same standard.

For a full breakdown of HIA’s email requirements, see the guide on HIA email requirements for Alberta therapists. You can also read the full HIA statute text directly.

How this compares to existing CAP practice standards

CAP already has practice standards that touch on digital communication. Covered in detail here.

For the broader pan-Canadian view of how Alberta’s HIA fits alongside PHIPA and BC PIPA, see our provincial privacy law comparison.

The short version. Three Standards of Practice are relevant: confidentiality (Standard 12), informed consent (Standard 3), records (Standard 7). Then there’s the Use of Technology guideline, approved September 1, 2024, which gets more specific about electronic communication: adequate confidentiality protections, informed consent that names the risks.

For the expansion, those same standards apply to counselling therapists once regulation takes effect. No counselling therapist specific standards have been published yet. That work is waiting on government funding. The existing psychologist standards are the baseline until something new comes out.

Read through the CAP practice standards guide and start aligning now. You won’t be starting from zero when regulation arrives.

One thing to watch: CAP may introduce additional guidance for counselling therapists based on scope of practice differences. The counselling therapy scope overlaps with the psychologist scope but isn’t identical. That could mean different requirements for certain types of clinical communication or record keeping. Nothing published yet. For now, the psychologist standards are your closest reference point.

Practical steps to prepare

You don’t need to wait for regulation to finalize. Most of these obligations already exist under HIA, and the practice standard expectations are published. Here’s what you can do now.

1. Review your email setup against HIA s.60 security safeguards

Look at how you’re currently sending email to clients. Gmail or Outlook without an encryption layer? Your outbound email is likely going out with opportunistic TLS only, which means encryption to the recipient’s server isn’t guaranteed. If their server doesn’t support TLS, the message goes in plaintext. Under HIA s.60, custodians need reasonable technical safeguards. Plaintext email with health information doesn’t meet that bar.

2. Determine if you need to submit a PIA to OIPC Alberta

Planning to change your email setup? Adding encryption, switching providers, adopting a new tool? HIA s.64 requires a Privacy Impact Assessment submitted to OIPC Alberta before you implement the change. Not after. See the privacy impact assessment template for guidance on the PIA process.

3. Review CAP practice standards for digital communication

The existing CAP practice standards for email guide covers this in full. Standards of Practice and the Use of Technology guideline are already published, and they’ll form the baseline for counselling therapist obligations.

4. Set up encrypted email for client correspondence

Pick an encryption approach that fits your practice: a dedicated encrypted email provider, an encryption add-on for your existing email, or a compliance layer that handles encryption automatically at runtime. Whichever you go with, document your decision and the reasoning behind it. That documentation matters. If you’re ever asked to demonstrate compliance with HIA s.60, or if CAP requests evidence during a practice audit, you’ll want a paper trail showing you thought this through.

5. Document consent for electronic communication

Create a consent process that covers the risks of email communication, available alternatives, and the client’s right to withdraw consent. Record when each client provided consent and what they consented to. Not a one time task. CAP’s Use of Technology guideline is explicit on this: informed consent must be ongoing, and clients must know they can revoke it.

6. Monitor CAP announcements for counselling therapist specific guidance

Still in development. Watch cap.ab.ca and ACTA’s website for updates on education requirements, competency standards, registration timelines, and any counselling therapist specific provisions for electronic communication. When CAP publishes counselling therapist standards, revisit steps 1 through 5 against whatever new requirements come out.

Pan-Canadian context

Alberta isn’t moving in isolation. Regulation of counselling and psychotherapy professionals is a cross country trend.

Ontario has been the furthest ahead. CRPO has regulated psychotherapists since 2015, with established electronic practice standards covering consent, confidentiality, and record keeping for electronic communication. CRPO members are subject to PHIPA, which requires health information custodians to take reasonable steps to protect personal health information (PHIPA s.12(1)).

BC is next. CHCPBC will begin regulating psychotherapists on November 29, 2027, when “psychotherapist” becomes a protected title in the province. BC practitioners will be subject to PIPA (BC), with its own security arrangement requirements under PIPA s.34. See the full breakdown of CHCPBC psychotherapy regulation for what BC therapists need to prepare.

Alberta sits in between: regulation announced, direction confirmed, but the timeline still uncertain. Once CAP regulation takes effect, Alberta counselling therapists join their Ontario and BC counterparts in having both a privacy law (HIA) and a regulatory body (CAP) governing their electronic communication.

For a broader comparison of how email privacy laws across Canada interact with these regulatory developments, that cross provincial guide covers the full picture.

The pattern across all three provinces: regulation triggers privacy law obligations for electronic communication. Ontario’s CRPO members are subject to PHIPA. BC’s future CHCPBC members will be subject to PIPA (BC). Alberta’s counselling therapists, once regulated under CAP, fall under HIA. The specific laws differ. The direction is the same.

What this doesn’t solve

A few honest caveats.

The timeline is uncertain. As of May 2026, CAP regulation of counselling therapists has been announced but not implemented. The government has committed to the direction, but funding and regulatory development are still in progress. CAP may introduce counselling therapist specific standards that differ from the psychologist baseline. Government funding decisions could accelerate or further delay the process. We’ll update this guide as the regulatory picture becomes clearer.

Preparing now puts you ahead, but it doesn’t guarantee you’ll meet every future requirement on day one. New standards may introduce obligations we can’t anticipate from the current published documents. That’s why step 6 (monitoring CAP announcements) is just as important as the technical steps.

And regulation is just one layer. Even without CAP regulation, if you handle health information in Alberta, HIA already applies to you. The difference regulation makes: it adds professional accountability through CAP on top of HIA’s legal obligations. It also means clients can file complaints with a regulatory body, not just the OIPC. And it means CAP can investigate, discipline, and set conditions on your practice for non-compliance with its standards.

Next steps

Curio’s compliance infrastructure is designed for Canadian health privacy law, including Alberta’s HIA. Automatic encryption and a Canadian audit trail for every send. Join the waitlist.