If you’re an Ontario registered psychotherapist who emails clients, you need a consent form that covers two separate sets of obligations. PHIPA s.18 requires knowledgeable, voluntary consent before you collect, use, or disclose personal health information. CRPO Standard 3.4 adds its own informed consent requirements specific to electronic communication channels.
This template addresses both. Each section is annotated with a bracketed reference (e.g., [PHIPA s.18] or [CRPO 3.4, Element 1]) so you can trace every field back to the obligation it satisfies. You can copy the form below, fill in your practice details, and hand it to clients before starting email communication.
One note: this template is written for Ontario. Other provinces (Alberta under HIA, BC under PIPA) have comparable but not identical consent requirements. If you practise outside Ontario, check your provincial legislation before using this form as is.
Consent form: email communication for therapeutic services
A. Therapist information
[PHIPA s.18: identifies the health information custodian]
Therapist name: [___]
CRPO registration number: [___]
Practice name: [___]
Practice address: [___]
Practice phone number: [___]
Practice email address: [___]
B. Purpose of email communication
[PHIPA s.18: consent must be knowledgeable; client understands what is collected and why]
I would like to use email to communicate with you as part of your therapeutic services. Email may be used for:
- Appointment scheduling and reminders
- Sharing session notes, homework, or therapeutic resources
- Responding to questions between sessions
- Administrative communication (invoices, receipts, insurance documentation)
- Other: [___]
Email messages may contain personal health information (PHI), including details about your treatment, mental health concerns, and therapeutic progress. By signing this form, you are consenting to the collection, use, and disclosure of your PHI through the email channels described below.
C. Electronic communication channels
[CRPO 3.4, Element 1: specific channels named individually]
I propose to use the following electronic communication channels with you. Please initial beside each channel you consent to:
| Channel | Initial |
|---|---|
| Email (address: [___]) | [___] |
| Text/SMS (number: [___]) | [___] |
| Video conferencing (platform: [___]) | [___] |
| Secure messaging portal (platform: [___]) | [___] |
| Other: [___] | [___] |
You are not required to consent to all channels. You may consent to some and decline others.
D. Risks of email communication
[CRPO 3.4, Element 2 + PHIPA s.18: risks specific to each channel; consent must be knowledgeable]
Email is not a fully secure communication method. Before consenting, please be aware of the following risks:
- Interception during transmission. Email can be intercepted in transit between sender and recipient. Encryption reduces but does not eliminate this risk.
- Forwarding. Emails can be forwarded (intentionally or accidentally) to unintended recipients.
- Device security. Emails are stored on your devices (phone, laptop, tablet). Anyone with access to your device could read them.
- Email metadata. Your email provider can see metadata (who you emailed, when, subject lines) even when the message body is encrypted.
- Server location. Email providers may store data on servers located outside Canada, where different privacy laws apply.
E. Encryption and safeguards
[PHIPA s.18: safeguard transparency]
Encryption in place: [___] (Example: “Outbound emails are encrypted for PHIPA using [encryption method/service].”)
What encryption covers: [___] (Example: “Email content is encrypted during transmission from my email to the secure portal where you read it.”)
What encryption does NOT cover: [___] (Example: “Emails stored on your personal device after you download them are no longer encrypted by this service. Your email provider may retain copies of messages on their servers.”)
Other safeguards: [___] (Example: “An audit trail logs every email send with timestamps and encryption status.”)
F. Alternatives to email
[CRPO 3.4, Element 3 + PHIPA s.18: alternatives available; consent must be voluntary]
You are not required to communicate by email. The following alternatives are available:
- In person communication during scheduled sessions
- Telephone
- Secure messaging portal: [___]
- Postal mail
- Other: [___]
Choosing not to use email will not affect the quality of your care or your therapeutic relationship.
G. Withdrawal of consent
[CRPO 3.4, Element 4: withdrawal process and consequences]
You may withdraw your consent to email communication at any time by notifying me in writing (email, letter, or secure message).
If you withdraw consent:
- I will stop using email to communicate with you within [___] business days of receiving your notice
- We will switch to one of the alternative methods listed in Section F
- Withdrawal is not retroactive. Emails already sent and received before your withdrawal remain part of your clinical record
H. Client acknowledgment and signature
[PHIPA s.18: consent is knowledgeable and voluntary]
Please read each statement and check the box to confirm:
- I have read and understand this consent form
- I understand the risks of email communication described in Section D
- I understand what encryption does and does not protect, as described in Section E
- I understand the alternatives to email described in Section F
- I consent voluntarily to email communication for the purposes described in Section B
- I understand I may withdraw my consent at any time as described in Section G
Client name (print): [___]
Client signature: [___]
Date: [___]
Therapist signature: [___]
Date: [___]
This template is for informational purposes. Review with your regulatory body or legal counsel before use.
This content is for informational purposes only and does not constitute legal advice. Privacy regulations vary by province and are subject to change. Verify current requirements with your provincial regulatory body.
Curio automates the encryption and audit trail steps referenced in sections D and E. If you’re using Gmail with clients, see how Curio works.