The tort of intrusion upon seclusion is a recent addition to our common law in Ontario, under the umbrella of invasion of privacy (see our previous blog on this topic here). It emerged in 2012 with the Ontario Court of Appeals (ONCA) decision in the case of Jones v. Tsige. In that decision, the ONCA defined the tort and set out the three-part test to establish this cause of action:
- the defendant’s conduct must be intentional (including recklessness)
- the defendant had to have invaded the plaintiff’s private affairs or concerns without lawful justification
- the intrusion would be highly offensive to a reasonable person (causing distress, humiliation or anguish).
Affected individuals can now go to court to be compensated for this type of breach of privacy. A question recently arose with respect to a mass invasion of privacy affecting thousands of patients but one that was very “fleeting” and caused no proven harm to any individual patient or their care. Could this situation be considered an “intrusion upon seclusion” and properly certified as a class action? The answer was yes it could or at least should be certified to allow the action to determine the establishment of the tort and what compensation, if any, was warranted.
Thousands of Patient Records Were Briefly Accessed
A nurse, employed by an Ontario hospital, engaged in a continuing series of opioid thefts over the course of nine years. Her drug of choice was Percocet. The nurse accumulated 23,932 Percocet pills illegally. Once discovered, the nurse was dismissed, lost her licence to practice and was convicted criminally.
The method used by the nurse involved the searching of patients’ medical records and charts to determine who had been prescribed Percocet. The nurse would then obtain the drug under the guise of doing so for the patient, and then keep it for herself. Some peopel were the nurse’s patients, though many were not. Some 11,358 patient records were viewed for this purpose.
When the hospital became aware of what had occurred, it notified each patient of the unauthorized access to their personal health information (PHI). The letter specified the scope of the intrusion to be limited to the patient’s name, their hospital identification number, their unit in the hospital and possibly any allergy information. The hospital described the access as fleeting at best.
There was little evidence, if any, that any patient care was adversely affected. It appears that no one was given Percocet without a prescription and conversely that no patient was denied the painkiller when needed and prescribed. However, this was not a claim in malpractice but rather one based on the newer tort of intrusion upon seclusion. The hospital relied on audits to secure against such thefts but the audits were never undertaken for the access point used by the nurse. It was only when she became sloppy and accessed Percocet for a patient who had already been discharged that she was caught.
What is Necessary to Establish a “Highly Offensive” Intrusion?
The first two components of intrusion upon seclusion were established being that one, the nurse’s actions were intentional; and two, the information she looked at in the patients’ health records was private and she did not have the authority to view those records.
The issue in dispute then was whether the third part of the test could be established; that is, whether the “fleeting” intrusion could be considered to be highly offensive to a reasonable person.
The defendant’s position was that the intrusion was minimal and as such did not rise to the level of being actionable under the torts umbrella. This position was taken despite the defendant’s acknowledgment that patients would have an expectation of privacy and confidentiality when it comes to their PHI. Their argument was that such fleeting access was not highly offensive and should not be actionable as a result.
The plaintiffs’ position was that the access was made by a drug addict who also likely sold some of her opioids to others for profit. The aim of the transgressor is not, however, the measure to be taken; the intrusion is egregious no matter the motive. The tort does not require any physical or monetary loss to be made out. The offensiveness is to be measured by the nature of the privacy interest being infringed, and not on the magnitude of the infringement. Therefore the ONCA determined that the action would be certified.
The lawyers at Wise Health Law, are passionate about helping health professionals and healthcare organizations understand their legal obligations with respect to patient privacy. We monitor trends and developments in the health sector so that we can provide consistently forward-thinking legal advice and risk management guidance to all of our clients. Our lawyers have significant trial and appellate experience and will skillfully represent clients whenever litigation is required. Contact us online, or at 416-915-4234 for a consultation.