Significant decision in hospital privacy breach case
The Supreme Court of Canada will not grant leave to appeal in a landmark privacy breach case at an Ontario hospital, say Toronto health lawyers Mary Jane Dykeman and Kate Dewhirst of DDO Health Law. Financial Post
The application for leave was dismissed without costs.
Hopkins v. Kay, 2014 ONSC 321 (CanLII), involved the unauthorized access to hundreds of patient health records by staff at Peterborough Regional Health Centre in 2010 and 2011. The plaintiffs took their case to the Superior Court of Justice, and in February 2015, the Ontario Court of Appeal ruled that Ontario’s Personal Health Information Protection Act (PHIPA) does not preclude civil actions from being brought by those affected by a privacy breach.
“This means that the common law tort of intrusion upon seclusion established in Jones v. Tsige, 2012 ONCA 32 (CanLII), remains available to an individual who has experienced a privacy breach. The affected individual can go to court to seek damages of up to $20,000," Dykeman tells AdvocateDaily.com.
Dewhirst adds, “Although some individuals will continue to make complaints about privacy breaches to the Information and Privacy Commissioner of Ontario, others will go to court, and that creates potential financial consequences to health-care providers."
Dykeman says that the Commissioner, Brian Beamish, has always taken the position that some might call prescient – that PHIPA was not drafted to preclude taking a privacy breach case straight to court.
The stakes have officially been raised, Dewhirst comments, given that this outcome will pave the way to multiple class-action lawsuits proceeding in Ontario for health privacy breaches.
“Staff training remains the best way to insulate against any of the variety of sanctions privacy breaches create. That doesn’t mean off-site training for every employee, but it does mean that someone in the organization has to be well-equipped to reach those individuals, early and often, and that the privacy program is layered to create that reach," she says.
DDO Health Law is currently offering an intensive training course for health sector privacy officers, taught by Dykeman and Dewhirst. While the training launched on Oct. 14, anyone interested in joining can register and watch the Oct. 14 webcast, then join with the group for the Nov. 10 and Dec. 8 sessions, either in person in downtown Toronto or via webcast.