12 Legal Matters

Watch or Listen to the Following Media Clip

Media 12.1 Professional Boundaries Scene. [Video]. CC-BY-NC-SA 2021. Conestoga College.


Learning Objectives

  • Explore professional accountability influencing the role of the Health Care Administrator.
  • Recognize the importance of professional boundaries in the therapeutic relationship.
  • Explain legal matters within the context of health care and communications.
  • Explore the link between patient/client safety and effective communication.


Health professionals know the importance of quality care and the delivery of health services provided. For many health professionals, their scope of practice is regulated through governing bodies who apply legislation (law) to ensure protection in the interest of the public. For example, the Regulated Health Professions Act, 1991, S.O. 1991, c. 18 in Ontario outlines the regulations which the governing bodies implement. Governing bodies are often referred to as colleges, such as the College of Physicians and Surgeons (CPSO) and the College of Nurses. Health Care Administrators (HCAs) have the duty and responsibility to protect health information and support client safety.

Providers of health services recognize how services are regulated and ensure protocols and procedures are in place to comply with standards of care. Legal issues arising in the health care environment can often be attributed to poor communication management leading to undesirable outcomes. Client-centred therapeutic communications provide for shared decision making, understanding of common goals, and supports the engagement of the patient and their families. This chapter will focus on legal matters relevant to the health care environment and considerations involving the role of the HCA.

Assessing What You Already Know

Alternative Text Option


Every client has the right to anticipate and expect information obtained and discussed within the health care environment will be kept confidential by all members of the health care team. Sensitive information is often exchanged in the therapeutic relationship. Unauthorized individuals should not have access to the appointment schedule, patient personal health information (PHI), and related information. The role of the HCA encompasses a custodian like approach to guard information and protect data. To take it an additional step forward consider again the importance of trust in the therapeutic relationship. A client will trust the HCA will keep their PHI safe.

Personal Information Protection and Electronic Documents Act (PIPEDA) and Privacy Act

According to the Office of the Privacy Commissioner of Canada (2018), personal information is data about an “identifiable individual”. It is information that can identify you as an individual on its own or combined with other pieces of data. PIPEDA largely encompasses how businesses handle personal information. Several provinces in Canada have their own privacy laws as they relate to health care which is substantially aligned with PIPEDA, while other provinces and territories have privacy acts not considered directly aligned with PIPEDA.

Circle of Care Model

The “circle of care” is considered the group of healthcare providers treating a patient who share information to provide that care. The concept of the circle of care allows the sharing of patients’ health information between healthcare providers who are providing care to that patient, without seeking the patient’s express consent every time information needs to be exchanged. This allows for the provision of clinical information to colleagues when consulted (Canadian Medical Protective Association, 2021).

The circle of care model extends to include sharing information, consent, information sharing with the family, leaving information on voice mail,  and third party requests for information. The HCA should be mindful to operate within the circle of care model throughout the therapeutic relationship, involving others outside the circle of care is considered a direct violation of this care model and can be considered a privacy breach of information as discussed further. Consider a privacy breach as a breaking of the trust assigned to members within the health care environment.

Health Privacy Breach

A privacy breach occurs when PHI is collected, used or disclosed without authorization. Examples of this include, loss, theft or unauthorized copying, modification or disposal (Information and Privacy Commissioner of Ontario, 2018). Strategies helping to prevent a breach can include:

  • Protect documents and files
  • Return files as soon as possible to their storage system
  • Care conferences should be held in quiet locations away from others not involved in the client care
  • Develop a response mechanism to address any data loss if it occurs

Information Breach Situations to Consider

Review the following:

  • Employed in a primary care physician’s office and the patient paper file goes missing.
  • New HCA working in a hospital setting writes down their passcode on paper for accessing Patient Health Information (PHI) systems and someone reads this information and uses it to access or hack electronic patient files.
  • Leaving sensitive information about clients available to be read or seen by those outside of the circle of care.

Reflective questions:

  1. What is the common element in the situations explored here?
  2. Are these direct legal violations if so, in what ways?

Scope of Practice and Health Care Administrators

As a reminder from the Therapeutic Communication chapter earlier:

Most health care providers are regulated under the Regulated Health Professions Act (RHPA) and the Medicine Act, 1991 (Ontario Government). Health care administrators (HCAs) are not regulated professionals and follow the policy and procedures set by the regulated health care provider for which they work. HCAs may be assigned tasks that do not involve controlled acts.. It is important that HCAs are aware of their scope of practice and if there is doubt regarding the performance of a task or expression of behaviours, then the HCA should check with their immediate supervisor or the health care provider for which they work.  You may be wondering how this applies to communicating therapeutically? Let’s review these examples:

  • The use of therapeutic communication in the context of providing a client with psychological therapy treatment would fall outside of HCA scope of practice and should be left to the health care provider.
  • Actively listening to and acknowledging the stress a client is experiencing, while they express the impact that caring for their father (who suffers from Alzheimer’s disease) is on their daily life, may fall within the scope of the HCA. The caveat is that the observations made are shared with the health care provider for further assessment.

Professional Intimacy and Boundaries of Therapeutic Relationships

When a patient discloses their personal information to a HCA or others members of the health care team this is an example of professional intimacy. As a HCA professional intimacy is an inherent element of the therapeutic relationship. Professional boundaries are essential in identifying parameters of the therapeutic relationship. Maintaining professional boundaries is an expectation regardless of a patient’s actions or requests. Remember, a HCA is accountable for setting the boundaries of the therapeutic relationship.

At times, the temptation to cross professional boundaries may arise, these could include revealing personal information about yourself, calling a patient at home with the intention of establishing a personal relationship, or failure to disclose your professional status.

Boundary violations occur when the patient’s/clients needs are no longer the focus. Think of this as the reversal of roles.

The following list is examples of unacceptable behaviours in a therapeutic relationship:

Examples of Boundary Crossing Actions

Review this list and consider the impact these actions have on the therapeutic relationship:

  • Oversharing your personal information as an HCA with clients and families.
  • Volunteering to complete tasks outside of your role such as running a personal errand for a client.
  • Seeking support from a client or patient as a reversal of role.
  • Involving yourself in a client’s personal affairs such as buying and selling items with clients.

Policies and Protocols

In most environments within the health care, various policies dictate the overarching manner in which health care is accessed and delivered. An example of health policy in Canada is the Canada Health Act provides universal health insurance coverage funded at the federal, provincial, and territory levels. The Canada Health Act (policy) defines medical services with a goal to sustain health, prevent illness, and methods for diagnosing and treatments available. Many facilities and settings set policies in place to support quality patient outcomes. An HCA should be informed of the organizational policies governing their actions to ensure compliance and alignment.

Protocols in health care are described as a set of instructions or guidelines to follow surrounding client care. Clinical protocols reflect the appropriate level of care provided based on a set of health findings. An example could be a clinical trial of a new medication in development to treat a specific illness or condition. Using therapeutic communications in a clinical setting is an example of following a protocol to support client care and outcome.

Client Safety

Client safety refers to taking the steps necessary to prevent client harm during the process of accessing health care and services. To ensure a caring and just culture is established at all levels of the Canadian healthcare system (Canadian Patient Safety Institute, 2019). These guiding principles form an element within the policy framework presented by the Canadian Patient Safety Institute (CPSI) and developed as a strategic initiative to secure safe patient practices. Every member of the health care team has an obligation to practice in a safe manner to support patient safety. Figure 12.1 details the full framework for patient safety as developed by the CPSI with a goal for Canada to create the safest in the world.

Image demonstrating the levels of involvement for patient safety. Complete image description available at the end of this chapter.
Figure 12.1. Policy Framework for Patient Safety in Canada. From Canadian Safety Institute, 2019. [Image Description]

Ensuring client safety falls to all members of the health care team. When the HCA communicates in a therapeutic manner the client feels at ease. This openness creates trust and supports a client-centred safe space. When using therapeutic communication techniques in a goal-oriented manner the focus remains on client health care needs. Listening to understand supports the decision-making process of the client thereby increasing the safety of the client.

Check Your Understanding

Alternative Text Option


In this chapter you have:

  • Explored relevant legal matters within the context of health care.
  • Reviewed the role of the HCA in connection to operating within their scope of practice following the policies and procedures set out.
  • Recognized the importance of establishing professional boundaries while communicating in a therapeutic manner was emphasized throughout the chapter content.
  • Explored the link between patient safety and effective communication.

Key Terms

Alignment: The state of being agreed and matched with something or someone (Merriam-Webster, n.d)

Boundaries: A limit of activity.

Breach: Break, violate (Merriam-Webster, n.d).

Caveat: A caution, warning, qualification, or forewarning.

Circle of Care:: The group of healthcare providers treating a patient who share information to provide that care.

Compliance: The act of fulfilling requirements (Merriam-Webster, n.d).

Custodian: A person who has a responsibility.

Disclosed: To expose or make public (Merriam-Webster, n.d).

Governing: Having the authority to conduct the policy.

Inherent: Existing as something of an essential characteristic.

Intimacy: Close familiarity.

PHI: Personal health information.

Standards of care: A duty determined by a set of circumstances relevant to a particular patient at a given time.


Canadian Medical Protective Association. (2021, January). Privacy and confidentiality: Sharing information.  CMPA. https://www.cmpa-acpm.ca/en/education-events/good-practices/professionalism-ethics-and-wellness/privacy-and-confidentiality

Canadian Patient Safety Institute. (2019). Strengthening commitment for improvement together: A policy framework for patient safety. Patient Safety Institute. https://www.patientsafetyinstitute.ca/en/toolsResources/PolicyFrameworkforPatientSafetyCanada/Documents/PolicyFramework%20Document%20ENG%20FINAL.pdf [opens a PDF file]

Information and Privacy Commissioner of Ontario. (2018, October).  Responding to a health privacy breach: Guidelines for the health sector. https://www.ipc.on.ca/wp-content/uploads/2018/10/health-privacy-breach-guidelines.pdf [opens a PDF file]

Office of the Privacy Commissioner of Canada. (2018, January 31). Summary of privacy laws in Canada. Office of the Privacy Commissioner of Canada. https://www.priv.gc.ca/en/privacy-topics/privacy-laws-in-canada/02_05_d_15

Image Description

Figure 12.1: This image details the policy framework for patient safety in Canada using intersecting circles to show the components involved in the initiative. Permission is granted to redistribute this document, in whole or part, for educational, non-commercial purposes providing that the content is not altered and that the Canadian Patient Safety Institute is appropriately credited for the work. [Return To Image]

Assessing What You Already Know (Text-based Activity)

Question 1

Recall the video at the start of this chapter. Consider the exchange between the HCA and the patient. How could we view the response by the HCA? Select all responses that apply:

  1. Offering medical advice
  2.  Nothing, this exchange is fine
  3. Crossing professional boundaries
  4.  Oversharing

Solution. The correct response is option three and option four. This is an example of crossing professional boundaries by using personal experience to answer a question the client asked. Explore this chapter further to read about professional boundaries. Oversharing is providing information based on a personal experience can be viewed as an oversharing. The HCA mentioned a personal relationship in the response.

Question 2

Two Health Care Administrators are talking about a client’s health history near a patient waiting room. How would you perceive this? Select which apply:

  1.  Data breech of patient information
  2.  Normal practice when teams are working together
  3. This sharing of information may assist with patient care

The correct response is option one. Others could overhear identifying data about the client and therefore confidential information could be released resulting in a data breech. Return to Activity


Check Your Understanding (Text-based Activity)

Question 1

Examples of PHI breach are? (more then one may be correct)

  1.  Loss
  2. Theft
  3. Disposal.
  4. For filing purposes.
  5. Patient requested a copy

The correct response includes options one, two and three. Privacy breaches can occur when the personal health information is lost, stolen or disposed of incorrectly.

Question 3

Maintaining professional boundaries is for the HCA to set

  1.  True
  2.  False

The correct response is option one, true. The HCA should be very aware of their professional boundaries. Return to Activity




Icon for the Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License

Therapeutic Communication for Health Care Administrators Copyright © 2022 by Kimberlee Carter; Marie Rutherford; and Connie Stevens is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License, except where otherwise noted.

Share This Book