I’m Kate Dewhirst.

My team and I write about legal issues affecting healthcare in Canada.

Kate Dewhirst Health Law - bringing the law to life. Meet Kate (in 13 seconds)

Always scroll down

Posted by

The Forward Email function should be used very carefully. Here’s why …

As a lawyer, I get forwarded a lot of emails by my clients.  In those emails there are often long threads of internal email conversations within the team where they realize there is a legal question and I get retained to advise on an issue.

Most of the time, it is helpful for me to receive those internal email conversations. They can give me the history, the context, different people’s views and contributions to the discussion.

BUT it should not be regular practice to forward emails or add new people to email threads without extra care and caution.  Forwarding emails is dangerous!  Okay – that’s an exaggeration.  But let me tell you what can happen when you over use the Forward Email function.

Problem 1: Wrong people learn of information

At least four times a year, I read an email and think to myself, Ooooooooooooooooooooooooooh – the person who wrote this email (or part of an email) did not intend everyone on this email list to be privy to their views.

It goes like this:

(1) The email starts with a few participants. The content is appropriate to that group.

(2) Somewhere along the email thread, someone gets candid or expressly critical of others.

(3) The next part of the thread initiates setting up meetings.

(4) New people are added to the thread who will need to come to the meeting but to discuss a completely different issue.

Now all the participants in the meeting are privy to an email thread that include’s someone’s vulnerable expressions of risk, concern, venting or critique to trusted colleagues.

Tip: Before you forward any email – or add any new person to the email thread – scroll down and read what is in whole email thread. Assess whether a new email needs to be started. NEVER add someone new to an email thread where there has been a trusted confidential dialogue. 

Problem 2: You lose legal privilege

Sometimes, I get forwarded an email chain that includes legal advice that came from another lawyer who is acting for another side involved in a dispute with my client.  When that happens I cringe.

I cringe because I know the lawyer who wrote that email to their client, did not intend for me to receive it.  Sometimes the comments are benign.  But sometimes that email contains information about why the other side is not agreeing to certain provisions or explains their fears and concerns.  In any event, it is content I should not receive.

I cringe because I know from time to time, my clients do the same thing and another lawyer at another desk is reading the confidential, privileged legal advice I sent to my client. I know there have been times when my clients inadvertently forward my email to the other side as part of a long email thread or do so intentionally as short hand to say “these are my lawyers’ concerns”.

Tip:  Never forward your legal advice to the other side.  You can lose the legal privilege you have over legal advice. 

What’s legal privilege?

The solicitor-client privilege that attaches to emails with your lawyer protects all communications your team and your lawyer from being disclosed without your permission. The privilege belongs to the client and not the lawyer. 

It may not seem important in the moment – however, when you “waive privilege” it is possible that the emails with your lawyer become disclosed against you in litigation or become accessible in freedom of information requests. You won’t necessarily appreciate the importance of the legal privilege until you no longer have it.  It is good practice not to be in the habit of forwarding your lawyers’ email messages.

Problem 3:  You become exposed to patient privacy breaches

In a long email thread, especially one dealing with a patient incident or issue, somewhere sometime an otherwise anonymous patient becomes inadvertently identifiable.  As different people are invited into an email thread, they add new content and use different ways of communicating about a patient.  The email starts with vague details – someone is added and starts using initials – someone is added who uses a first name – someone is added who uses a medical record number (MRN) – someone is added who attaches a document with the patient’s complaint and signature.  Long email threads about patient incidents almost always result in identifiable information being shared inadvertently – which then exposes you to privacy breach risk.

Tip: Be very careful about sharing patient incident information by email.  Do not attach identifiable patient complaint documentation to otherwise anonymized email threads. 

My number one tip when sending emails is – scroll down.  Before you forward anything, scroll down and see if the total content of that email message should be forwarded on. Most of the time it should not.  Delete the parts that should not be included or better yet, start a new message if you are adding new people to the mix.


If you enjoyed this article please share it:


Previous and next posts from Kate:

Some of Kate’s recent and upcoming events

Free healthcare privacy webinar - ask me anything!
the first Wednesday of every month

Free webinars - advance registration needed

Whether you're an experienced privacy officer or new in the field, pick Kate’s brain for free for an hour, in this live webinar. No charge, but you’ll need to register in advance.

Primary care webinars: Employment Law Update & Legal Issues for EDs and Board members

Part of Kate’s monthly webinar series.

Our 2025 program is now live.
Full details of the 2025 webinar series and registration here.

Mental Health webinars: Legal issues for mental health and addictions agencies and teams
Annual membership 2025

For managers and other leaders from mental health and addictions agencies, hospitals, CMHAs, CHCs, school boards, FHTs and Indigenous health services

This is an annual membership program with monthly webinars.
Full details and registration here.

Health Privacy Officer Foundations training
starts Spring 2025

For Privacy Officers within healthcare organizations.

This course focuses on how to become a more confident privacy officer and gives you the tools to document your privacy program. Full details and registration here...

Join the Shush: a collective of health privacy officers
Annual membership 2025

For Privacy Officers within healthcare organizations

This is an annual membership program that takes theory into practice and tackles real life scenarios to build Privacy Officer skills.
Full details and registration here.

Team Privacy Training Events

For Primary Care clinics, Hospitals, Community Agencies, Mental Health Teams, Public Health Units, School Boards, Police departments

Scheduled to your team's needs for comprehensive or refresher training More details...

Free summary of all PHIPA IPC decisions

Want to read privacy breach stories to learn how to improve your work? We have summarized all the Information and Privacy Commissioner's health privacy decisions for you Download here...

Kate Dewhirst Health Law

Kate says:

My mission is bringing the law to life. I make legal theory understandable, accessible and fun! I’m available and love to work for all organizations in the healthcare sector across Ontario and beyond.

Subscribe to my mailing list and keep up to date with news:

Latest Tweets

  • Our twitter feed is unavailable right now. Follow us on Twitter
  • contact details

    P.O. Box 13024, RPO Bradford Centre
    Bradford, ON, L3Z 2Y5

    (416) 855 9557

    .