Unless you’ve been living under a fluoride rock, you’ve probably heard about the now-infamous Tea app. Touted as a women-only platform for anonymously reviewing men they’ve dated, Tea surged to No. 1 in the App Store earlier this year. It promised to promote dating safety and empower women to warn others about red-flag behaviour. It became a viral hit on social media — but the honeymoon didn’t last long.
Within weeks, the app was hacked. Private and supposedly anonymous reviews were leaked. Some users discovered that men they’d flagged could be identified by reverse image searches or shared screenshots. Lawsuits are now piling up—alleging negligence, breach of privacy, and emotional distress. The App was even pulled from multiple platforms. The fallout is a cautionary tale about what happens when tech ambition meets legal oversight (or lack thereof). [1]
And yet, even as the Tea app boils over and evaporates, its underlying concept — crowdsourced warnings about problematic individuals — remains appealing in other fields. Including, believe it or not, dentistry.
The patient blacklist pitch
Case in point… Years ago, I was approached by a dentist with a “great idea.” They wanted to build an app. An app that allowed dentists to review patients—the bad apples, specifically. Those patients who:
- Refuse to pay on time (or at all),
- Routinely ask for discounts or free work,
- Complain online or file complaints with the RCDSO,
- Disregard treatment plans,
- Have difficult personalities or personal dramas,
- And in general, make practice life… exhausting.
Their thinking was simple: “If patients can post whatever they want about me online, why can’t I warn other dentists about them?”
In an era where dental offices are businesses, and patients behave like shoppers, this line of thought makes a certain emotional sense. Dentists deal with increasing financial pressures, rising patient entitlement, and now, a wave of new patients entering the system through public programs like the Canadian Dental Care Plan (CDCP), many of whom may not value or understand the nuances of professional dental care.
Wouldn’t it be helpful to know if a new patient showing up for a hygiene appointment has a history of cancelled appointments or threats to sue or complain online or with the RCDSO?
I get it. But let me say this clearly: An app for dentists to rate patients is not just a bad idea—it’s a legally dangerous one.
Let’s break down why.
The fiduciary relationship: More than just oral hygiene
Dentists in Ontario are not merely businesspeople providing a service. Legally, they’re fiduciaries—professionals in a position of special trust with their patients. That fiduciary duty includes a deep responsibility to act with loyalty, confidentiality, and utmost good faith.
The Supreme Court of Canada in Norberg v. Wynrib [1992] 2 SCR 226 and in McInerney v. MacDonald, [1992] 2 S.C.R. 138, affirmed that healthcare professionals —including dentists—owe fiduciary duties to their patients, including a duty of confidentiality rooted not just in statute, but in equity.
Posting or sharing information —even just a patient’s name or pattern of bad behavior— with other dentists in a way that could harm the patient’s reputation or future access to care could breach that fiduciary duty. Especially if it’s done without consent.
PHIPA and the tight net of privacy laws
Under Ontario’s Personal Health Information Protection Act (PHIPA), dentists are considered “health information custodians.” That means they are legally responsible for protecting personal health information (PHI), which includes not just clinical records, but any identifying information about a patient in the context of healthcare — such as appointment histories, billing details, complaints, even subjective comments in the chart.
According to PHIPA, disclosure of PHI without express patient consent is prohibited — unless a specific exemption applies (such as reporting child abuse or infection control breaches). Warning another dentist that a new patient “is a nightmare who never pays and threatened to sue or complain” could absolutely qualify as unauthorized disclosure of PHI, particularly if that dentist can identify the individual.
You may think: “Well, we won’t use names or contact info—just vague descriptions.”
Unfortunately, if the patient is reasonably identifiable, even indirectly, you’re still breaching PHIPA.
Class actions, data breaches, and the anonymous illusion
Still thinking of building this app? Picture this:
- A disgruntled patient sues for defamation after screenshots of their “anonymous” review appear in a Facebook group.
- A data breach exposes your list of “flagged patients” to the public — and someone links it back to your IP address.
- A group of patients files a class action against a network of dentists for unlawfully sharing personal information.
If you think you can stay anonymous, ask any dentist who’s read a 1-star Google review and knew instantly who wrote it (assuming it was indeed a real review from a real patient). That’s how identifiable patient behavior can be. Now flip the script. If a patient sees a description like, “Older woman, comes every six months, never pays on time, drives staff crazy, insists on lavender-scented bibs” — they’ll know it’s them. And if your clinic is one of three in town, they’ll know where it came from too. Word spreads.
The risks of defamation are real. Under Ontario law, defamation requires only three elements:
- a false or damaging statement,
- publication to a third party, and
- harm to the subject’s reputation.
Even if your review is true, you’ll need to prove it in court. Good luck with that when your patient files a lawsuit in civil court (in addition to an RCDSO complaint and a privacy complaint with the Information and Privacy Commissioner of Ontario) and you have to explain how their PHI ended up in an unregulated app.
Good intentions, bad execution
The idea of “rating” patients appeals to our sense of fairness. If they can post online reviews about us, why can’t we post reviews about them? But here’s the difference: patients are not fiduciaries. Dentists are.
Patients don’t sign contracts to uphold RCDSO standards. Dentists do. Patients don’t operate under PHIPA. Dentists do.
There’s no symmetry here—and no safety net. Your regulatory, legal, and reputational risk is enormously higher than a patient’s. Just one privacy breach, just one shared “review,” and suddenly your years of education and practice-building are on the line.
There’s also a deeper philosophical issue: Do you really want to practice dentistry through a lens of fear and suspicion? Most patients—even the high-maintenance ones—aren’t malicious. They’re confused, anxious, struggling financially, or just human. Treating each new patient as a potential threat may seem protective in the short term, but it corrodes the spirit of care that brought most dentists to the profession in the first place.
Coming full circle: What tea teaches us
Back to the Tea app. It was born of seemingly good intentions—protect women, expose dangerous behavior, empower daters. But the execution failed. Anonymity was fragile. Privacy laws were ignored. Legal risks were underestimated. And in the end, people got hurt.
Dentists tempted by a patient-rating app face a similar trajectory. The idea feels like justice. But the legal, ethical, and reputational hazards vastly outweigh any practical gain. Even if you could build it or use it: should you?
The answer is a resounding: no.
Bottom line:
Dentists have far more to lose than to gain in any system that rates or exposes patients.
The better alternative? Strengthen your patient intake processes. Build clear financial policies. Learn to spot red flags through behavior, not backchannel gossip. Use internal notes and firm boundaries, not public shaming. Dentists are allowed to say ‘no’.
Have good records and use logic and intuition when dealing with your problematic patients. And per the RCDSO Practice Advisory Maintaining a professional patient-dentist relationship: “If after taking steps to resolve a conflict the relationship is no longer co-operative and trusting, or if it becomes antagonistic, it may be best for the parties to go their separate ways.” The RCDSO offers a sample dismissal letter on their website.
At the end of the day, the dentist-patient relationship should be built on trust, not Tinder logic.
References:
[1] Sources: Faith Hill, “First Came Tea. Then Came the Male Rage.” The Atlantic (30 July 2025), online: https://www.theatlantic.com/family/archive/2025/07/tea-app-dating-data-breach-misogyny/683712/; Sara Chernikoff and Kathryn Palmer, “Data breach causes dating app to take down messaging system”, USA TODAY (30 July 2025), online: https://www.usatoday.com/story/tech/2025/07/30/tea-dating-app-data-breach/85443741007/ and Lindsey Ellefson, “There’s Already a Class Action Lawsuit Against the Viral ‘Tea’ App” Lifehacker (31 July 2025), online: https://lifehacker.com/tech/tea-app-class-action-lawsuit
About the author:
Michael Carabash, BA, LLB, JD, MBA, CDPM is a founding partner of DMC LLP, Canada’s largest dental-only law firm that helps dentists sell and buy practices in Ontario. Michael leads DMC’s annual Caribbean dental mission trips (Grenada, Jamaica, St. Lucia, Turks & Caicos, Bahamas and Antigua). Michael can be reached at michael@dentistlawyers.ca or 647.680.9530.
