by Benny Chan
*Content posted to the blog represents the views of the author only and not those of Health Law in Canada, its Board members or affiliates or IHPME*
On October 25, 2018, Perell J of the Ontario Superior Court of Justice released a decision in Broutzas v Rouge Valley Health System[1] denying a motion to certify two class actions relating to the improper access of hospital records of patients who had given birth at the Rouge Valley and Scarborough hospitals (subsequently merged into one hospital). Specifically, the accessed information consisted of contact information (e.g. name, address, phone number, partial OHIP number) and pregnancy status. No medical notes or records were accessed. This information was then used to solicit sales for Registered Education Savings Plans (RESPS) for the newborns. Some of the defendants were eventually convicted of charges under the Ontario Securities Act and the Criminal Code and the hospital defendants were found to be in breach of the Personal Health Information Protection Act (PHIPA).[2] The plaintiffs brought two class actions alleging, among other causes of action, the tort of intrusion upon seclusion.[3] In restricting the scope of intrusion on seclusion with respect to hospital records, Perell J remains faithful to the Ontario Court of Appeal’s decision in Jones v Tsige[4] while providing important guidance on what is still a developing tort.
Perell J’s Reasoning
In the seminal case of Jones, Sharpe JA established the main elements of the tort of intrusion upon seclusion: 1) intentional or reckless conduct by the defendant; 2) invasion of private affairs or concerns; 3) conduct that would be considered by a reasonable person to be highly offensive causing distress, humiliation or anguish.[5] Applying the principles set out in Jones to the immediate case, Perell J found that the plaintiffs did not have a reasonable cause of action.[6] While there was admittedly an intrusion, there was no intrusion on seclusion. The plaintiffs had no privacy interest in contact information, which “is publicly available and is routinely and readily disclosed to strangers to confirm one’s identification, age, or address”.[7] The fact of pregnancy and the anticipation of a child constitutes information that is typically publicized among one’s social circles. Moreover, what was improperly disclosed to the RESP sales representatives consisted of information that the plaintiffs would have already “disclosed at maternity, baby, and kid clothing stores or at trade shows”.[8]
In support of his conclusion, Perell J referenced Canadian and American cases in which courts declined to find a breach of privacy despite unauthorized access or disclosure of private information. Some of these cases involved the disclosure of social insurance numbers, driver’s licence numbers, phone numbers, and insurance plan information.[9] With respect to cases where the court found a tenable cause of action for intrusion on seclusion, Perell J noted that the improper access or disclosure involved information that went beyond contact information (e.g. financial, medical, intimate information) or placed the plaintiff at risk of identify theft or physical harm.[10]
Significance
Perell J’s reasons provide welcome guidance on the scope of the still-developing tort of intrusion on seclusion. While Jones made it clear that the tort is concerned only with significant information such as financial records, health records, sexual practices, there was hitherto no judicial decision in Canadian Common law that established whether all information contained in a patient’s hospital record rose to the same level of privacy or seclusion. In line with Jones and cases in Canadian and American jurisdictions, Perell J’s reasons make it clear that information that is typically shared (such as a pregnancy status) or publicly available (such as contact information) will not be captured by the tort. This remains the case if the access of the information runs afoul of PHIPA, the Ontario Securities Act, or even the Criminal Code. As Perell J writes, the “parameters of intrusion on seclusion are tight and narrow and this tort is not established by some sort of guilt by association”.[11] In affirming the restricted scope of the tort, the Broutzas decision may bring some measure of relief to health care administrators who already live under the constant spectre of liability and regulatory penalties associated with data leaks. Plaintiff’s counsel, on the other hand, will have to be more circumspect when bringing suits based on the improper access or disclosure of information contained in a patient’s hospital record.
Disclosure: The author was involved in Rouge Valley Health System and the Scarborough Hospital’s defense while articling at Borden Ladner Gervais LLP.
[1] 2018 ONSC 6317 [Broutzas].
[2] Ibid at paras 2-3.
[3] The other causes of action were: breach of PHIPA; negligence; breach of contract and warranty; and vicarious liability (Broutzas, supra at para 9).
[4] 2011 ONSC 1475 [Jones].
[5] Jones, supra at para 70-73.
[6] Broutzas, supra at para 124.
[7] at para 153.
[8] Ibid at para 157.
[9] Ibid at paras 160-162.
[10] Ibid at paras 166-172.
[11] Ibid at para 174.
Sign up for IHPME Connect.
Keep up to date with IHPME’s News & Research, Events & Program, Recognition, e-newsletter.
Subscribe to Connect Newsletter
Get in Contact
Communications
Marielle Boutin
Email Address: ihpme.communications@utoronto.ca