These templates are for informational purposes. Review with your regulatory body or legal counsel before use.
Most therapists know they need email encryption. Fewer think about what happens when an email lands in the wrong inbox anyway. A disclaimer won’t replace encryption, but it does two things: it tells the recipient what to do if they’ve received something they shouldn’t have, and it documents that you took reasonable steps to communicate the sensitivity of the content.
Below are three disclaimer templates. Each serves a different purpose. Copy the one you need, fill in the bracketed placeholders, and paste it into your email signature or message body.
1. Standard email footer
When to use: On every outgoing email from your practice account. This is your default footer, appended automatically via your email signature settings.
CONFIDENTIALITY NOTICE
This email and any attachments are intended only for [Therapist Name / Practice Name] and the named recipient(s). This message may contain personal health information protected under the Personal Health Information Protection Act, 2004 (PHIPA) and applicable provincial privacy legislation.
If you received this email in error, please notify the sender immediately by reply email, then delete the original message and all copies from your system. Do not read, copy, forward, or disclose the contents.
[Practice Name] [Therapist Name], [Credentials] [Phone Number] [Province]
2. Initial client email disclaimer
When to use: The first time you email a new client (or when you begin email communication with an existing client who previously only communicated in session or by phone). This sets expectations about privacy, encryption, and the limits of email as a channel.
Paste this into the body of your first email, above the message content.
ABOUT EMAIL COMMUNICATION WITH [Practice Name]
Before we begin communicating by email, I want you to know how your information is protected:
Encryption: Outbound emails from this practice are encrypted using [encryption method/service name]. This means the contents of my messages to you are protected during transmission.
What encryption does not cover: Once a message reaches your inbox and you download or open it, it is stored on your device. Anyone with access to your device can read it. Your email provider may also retain copies on their servers.
Your responsibilities: Please do not forward emails containing your health information to others. If you access your email on a shared device, consider whether others could see messages from this practice.
If you receive a message not intended for you: Notify me immediately at [email address] or [phone number], then delete the message.
Alternatives to email: If you prefer not to communicate by email, we can use [list alternatives: phone, secure portal, in person]. Let me know and I will adjust.
If you have questions about how your information is handled, I’m happy to discuss this at our next session.
[Therapist Name], [Credentials] [Practice Name]
3. PHI containing email disclaimer
When to use: When an email contains personal health information (PHI), such as session notes, treatment summaries, referral letters, insurance documentation that names a diagnosis, or homework with clinical content. Add this disclaimer at the top of the message, before the PHI.
THIS EMAIL CONTAINS PERSONAL HEALTH INFORMATION
The content below includes personal health information (PHI) as defined under the Personal Health Information Protection Act, 2004 (PHIPA). This information is being sent to you with your informed consent for the purpose of [state purpose: e.g., “providing a summary of today’s session,” “sharing a referral letter for your review,” “sending documentation for your insurance claim”].
This email is encrypted during transmission using [encryption method/service name]. After delivery to your inbox, the security of this information depends on your device and account settings.
Please:
- Do not forward this email without careful consideration of who will see it
- Store or delete this message according to your own privacy preferences
- Contact me at [phone number] if you have concerns about this communication
If you did not request this information or believe you received it in error, contact me immediately at [email address] and delete all copies.
[Therapist Name], [Credentials] [Practice Name]
A note on provincial scope
These templates reference PHIPA (Ontario), but the principles apply across Canadian provinces. Alberta’s Health Information Act (HIA) and BC’s Personal Information Protection Act (PIPA) have comparable requirements around safeguards and breach notification. If you practise outside Ontario, swap the legislation reference for your provincial equivalent and verify the language with your regulatory body.
This content is for informational purposes only and does not constitute legal advice. Privacy regulations vary by province and are subject to change. Verify current requirements with your provincial regulatory body.
Curio automates the encryption referenced in these disclaimers. If you’re using Gmail with therapy clients, join the waitlist to see how it works.
Related resources: