Ruling brings clarity to sharing health-care providers' names

By Staff

The default position of health-care organizations should be to share service providers’ full names to patients on request, Toronto health lawyer Kate Dewhirst tells

Dewhirst, principal of Kate Dewhirst Health Law, has received a number of inquiries from clients in recent months on the issue, typically concerning staff members worried about the possibility of a regulatory or human rights complaint by a patient.

Those concerns are not enough to justify withholding the full names of a service provider, she says.

“The default for health-care organizations is to share the names unless there’s a real or potential threat that is more than just speculative,” Dewhirst explains. “In many cases, it’s an issue of human decency and courtesy that people are entitled to know who is providing them with services.

“Of course it can be very challenging and difficult to deal with a human rights complaint or an investigation by a regulatory body, but they aren’t threats."

However, Dewhirst says the situation can change when a patient has a history of violent or threatening behaviour.

“In those circumstances, organizations need to be mindful of sharing information that could allow someone to be harassed, stalked, threatened or physically hurt,” says Dewhirst, acknowledging that health-care providers sometimes face a tricky balancing act, depending on the facts of each case.

“This hits right at the intersection between professional courtesy, security, employment and workplace safety and privacy, which makes it a very interesting issue,” Dewhirst says.

However, a recent decision by Ontario’s Information and Privacy Commissioner offers some clarity on when redactions of full names may be appropriate.

The case involved a home-care patient who asked for a copy of his full file from his health-care provider, which acceded largely to his request, except that it redacted the names of the people who visited him for treatment.

The man complained to the privacy commissioner, prompting the organization to explain that his repeated verbal abuse of female staff members and the prejudicial views he expressed about the “intelligence and skills” of women gave rise to a concern that informing him of their full names could put its female employees at risk of personal harm or abuse.

According to the decision, the organization argued that the redactions were justified under s. 52 (1)(e)(i) of the Personal Health Information Protection Act, which allows health information custodians to withhold information from a patient’s record if granting access could “reasonably be expected” to result in a “risk of serious bodily harm to the individual or another person.”

But the adjudicator was not convinced and ordered the organization to turn over the full, unredacted files.

“While [the complainant’s] behaviour is inappropriate, I conclude that these instances of past verbal abuse are insufficient on their own to engage the exemption,” the adjudicator wrote. “In my view, the harms that the [health-care organization] submits are ‘reasonably likely’ to result from providing access to the information at issue are speculative in nature.”

Dewhirst says the decision is particularly useful for organizations faced with a difficult patient.

“The privacy commissioner was very clear in this case that having someone be unpleasant does not give rise to the exception in the Act,” she says. “The threat of physical harm has to be more than theoretical.”

To Read More Kate Dewhirst Posts Click Here