Patients' right to sue hospitals may have big impact on public purse
By AdvocateDaily.com Staff
The Ontario Court of Appeal decision that makes it possible for patients to sue hospitals and other health-care organizations for privacy breaches could potentially have significant financial ramifications, says Toronto health lawyer Kate Dewhirst.
Hopkins v. Kay, 2015 ONCA 112 (CanLII), a proposed class-action suit, was launched after the plaintiff (respondent on appeal) was one of 280 patients at the Peterborough Regional Health Centre who had their health records accessed by unauthorized staff members in 2011 and 2012.
Erkenraadje Wensvoort, the respondent, alleges in the statement of claim that she attended the hospital on several occasions for treatment of injuries inflicted by her then-husband. She eventually left her husband, but still feared for her safety and took steps to safeguard her identity. She fears her ex-husband paid someone to access her patient records in order to find her.
The issue on appeal was whether the respondent is precluded from bringing a common law claim for intrusion upon seclusion in the Superior Court (established in Jones v. Tsige, 2012 ONCA 32 (CanLII)) because the Personal Health Information Protection Act (PHIPA) creates an exhaustive code.
The appellate court ruling upholds the lower court decision that Ontario’s health privacy laws do not prevent patients from seeking legal action against hospitals if their privacy is breached.
The court dismissed the hospital’s appeal and awarded the respondent the costs of the appeal at $24,000.
Dewhirst, principal at Kate Dewhirst Health Law, notes that the ruling is significant because of the fact that health-care organizations are publicly funded in Canada.
“A privacy breach is different than other kinds of malpractice litigation in health care,” she says. “A privacy breach could affect hundreds, thousands or tens of thousands of individuals. That is a much different scale than other kinds of class action litigation health-care organizations have seen.”
Dewhirst says that will be the challenge for the public health-care system.
"The public is going to have to pay for these kinds of privacy breaches,” she says. “I am struck by how much this could impact the public purse. We’ll wait to see what the quantum of this class action is going to be as it has potential to have a big financial impact in health care."
Dewhirst says the outcome of the matter may also mean that health-care organizations have to purchase additional insurance to protect themselves.
“I think we’ll see some changes to the insurance scheme so that there will be insurance coverage offerings that health-care organizations can purchase to protect themselves from these kinds of scenarios,” she says.
But ultimately, Dewhirst says, health-care organizations will have to employ risk-management strategies to avoid patient privacy breaches by developing up-to-date privacy policies and proactively training their staff.
She says health-care organizations have spent a fair amount of time and money trying to meet their privacy obligations to date, but in some ways, privacy awareness “fell off the radar” for many hospitals and other health-care organizations.
“This case puts the issue back to the forefront and many health-care organizations are going to have to put renewed resources behind their privacy practices,” she says.