Client Record Transfers for RMTs: Legal and CMTO Requirements

Delta Law
20 hours ago
4 min read

When a Registered Massage Therapist (RMT) leaves a clinic or changes their practice, one of the most sensitive responsibilities involves client records. Handling these records correctly is not just a matter of professionalism but a legal and ethical obligation.

Under Ontario’s Personal Health Information Protection Act (PHIPA) and the College of Massage Therapists of Ontario (CMTO) Standards of Practice, RMTs must ensure that client records are transferred securely, retained appropriately, and remain accessible to clients even after a practice change.

Failing to follow these requirements can result in privacy breaches, client complaints, or disciplinary action.

Why Client Record Transfers Matter

Client health records are the foundation of safe and effective care. They contain detailed treatment notes, health histories, and assessments that are necessary for continuity of care.

When an RMT leaves a clinic or retires, these records cannot simply be left behind or discarded. The transfer process must protect client confidentiality while ensuring that clients can continue treatment or access their records when needed.

Proper record transfer practices demonstrate respect for client rights, compliance with CMTO standards, and adherence to Ontario privacy laws.

Understanding Custodianship under PHIPA

The first step in any record transfer is identifying who is the Health Information Custodian (HIC) under PHIPA. The custodian is legally responsible for controlling and safeguarding the records.

If the clinic creates, stores, and maintains the records, the clinic is typically the custodian.
If the RMT operates independently and maintains their own records, the RMT is usually the custodian.

Even if the clinic is the custodian, the RMT still has professional responsibilities to ensure clients are informed about where their records are stored and how to access them after departure.

The CMTO expects RMTs to clarify custodianship before beginning work at a clinic. This avoids confusion and potential disputes later.

Legal Requirements for Record Transfer

PHIPA establishes clear obligations for how personal health information must be handled. When transferring records, both the clinic and the RMT must ensure that:

The transfer is authorized and secure.Records cannot be shared or removed without proper consent or authorization from the custodian.
Client confidentiality is protected.Only those involved in the care or authorized under law may access the records.
The records remain complete and accessible.Clients have the right to access their information upon request, even after the RMT leaves the clinic.
Proper documentation is maintained.Both parties should keep written confirmation of the transfer, including dates, custody arrangements, and how clients will be informed.

These requirements apply whether the records are paper files or stored electronically through practice management software.

CMTO Expectations for RMTs Leaving a Clinic

The CMTO’s Standard 6.4: Discontinuing Services requires RMTs to ensure continuity of care when they leave a clinic. Therapists must take reasonable steps to inform clients of their departure and explain how to access their records or continue treatment.

If a clinic refuses to notify clients or transfer records appropriately, the RMT may contact clients directly with factual information. The purpose of this contact must be to ensure continuity of care, not to solicit business.

The CMTO also requires that records be retained for:

Ten years after the last treatment, or
Ten years after a minor client turns eighteen, whichever is longer.

Records must remain secure, legible, and retrievable throughout that period.

Best Practices for Record Transfers

Whether you are leaving a clinic, moving to private practice, or closing your business, the following best practices help ensure compliance:

Confirm who is the record custodian.Clarify ownership and control of client records before you leave.
Document the transfer process.Record the date, method, and receiving party for every transfer.
Inform clients appropriately.Ensure that clients are told where their records are stored and how to access them.
Maintain confidentiality.Use secure methods for transfer, such as encrypted electronic files or sealed physical delivery.
Retain copies if required.Keep necessary documentation for your own records to confirm compliance.

Following these steps protects both your clients and your professional standing.

Handling Electronic and Cloud-Based Records

If you use electronic health record systems or cloud-based storage, additional care is required to comply with PHIPA. Ensure that:

The software provider meets Canadian privacy standards.
Data is encrypted and regularly backed up.
Servers are located in Canada or another jurisdiction that meets PHIPA’s protection level.
Access permissions are updated immediately after you leave a clinic to prevent unauthorized use.

Electronic systems must allow clients to access or transfer their information securely at any time.

When to Seek Legal Advice

Disagreements over client record ownership or access are common, particularly when contracts do not clearly define custodianship. If a clinic refuses to release information or a client complains about how their records were handled, legal advice may be necessary.

A lawyer experienced in healthcare compliance can help:

Interpret contracts and determine who the legal custodian is.
Draft or revise record transfer agreements.
Respond to CMTO or PHIPA inquiries.
Ensure that your policies and communications align with regulatory requirements.

Taking legal guidance early can prevent professional and reputational damage later.