Privacy of personal information is a fundamental value of the law recognized in Charterjurisprudence. This includes privacy of one’s personal health information.
The tort of intrusion upon seclusion was first recognized by the Ontario Court of Appeal in Jones v Tsige,2012 ONCA 32, in order to provide a remedy to individuals whose informational privacy has been breached.
However, as explained in Stewart v Demme,2022 ONSC 1790, the threshold for intrusion upon seclusion is high, as the intrusion must be “highly offensive” to a reasonable person in the circumstances. Accordingly, not every breach of privacy of personal health information will automatically support a claim of intrusion upon seclusion.
The Tort of Intrusion Upon Seclusion
In Jones v Tsige,the Court of Appeal found that the facts of the case cried out for a remedy. The defendant and plaintiff did not know each other, but worked for different branches of the same bank. The plaintiff entered into a common law relationship with the defendant’s ex-husband, following which the defendant used her work computer to access the plaintiff’s personal banking information over 174 times over approximately 4 years.
The Court therefore recognized the tort of intrusion upon seclusion, consisting of the following elements:
The Context of Personal Health Information: Stewart v Demme,2022 ONSC 1790
In Stewart v Demme, 2022 ONSC 1790, the court considered the tort of intrusion upon seclusion in the context of personal health information. The defendant, Ms. Demme, was a nurse employed by the Defendant hospital. Over the course of approximately 10 years, Ms. Demme accessed over 11,000 individual patient records in order to facilitate theft of narcotics. The records accessed included both patients to whom Ms. Demme provided care, or were patients on her unit, as well as other patients of the Hospital who were not within her circle of care and to whom she did not provide care.
Ms. Demme would access the patient’s records on the automated medication dispensing unit located on the day surgery unit where she worked. She would select a patient name, following which the screen would display the patient’s identification number, the hospital unit they had visited, any allergies to medications, and sometimes the medications dispensed to that patient in the last 32 hours. Ms. Demme would access the records briefly, for a matter of seconds, obtaining only the information necessary to open the medication dispensing drawer. On cross-examination Ms. Demme said that the only reason she accessed the patient records was to facilitate theft of the narcotics.
A proposed class action was commenced against the Hospital and Ms. Demme, and was certified to proceed with a claim for intrusion upon seclusion. The certification turned on the third element of the test – whether the nature of the invasion is such that a reasonable person would regard it as highly offensive, causing distress, humiliation, or anguish. The certification judge’s decision to certify the class action was influenced by the nature of the privacy interest infringed. The certification judge held that “any intrusion - even a very small one - into a realm as protected as private health information may be considered highly offensive."
The hospital appealed the certification to the Divisional Court, arguing that the nature of the invasion was not “highly offensive” when viewed objectively. The Divisional Court agreed, and allowed the appeal.
Justice Sachs specifically stated that “[n]ot every intrusion into private health information amounts to a basis to sue for the tort of intrusion upon seclusion.” The particular intrusion must be highly offensive to a reasonable person with regard to relevant circumstances.
While it is not an element of the cause of action that the facts must “cry out for a remedy,” Justice Sachs held that it does inform the analysis as it is “designed to offer a remedy in situations where the privacy intrusion is very serious, not [in] any privacy intrusion [emphasis added].”
In this case, each patient record was accessed briefly, for a matter of seconds, for the sole purpose of obtaining the narcotics. The information accessed was limited (as described above) and access was fleeting. Ms. Demme did not retain or share the information. Thus, while Ms. Demme did access personal health information, the intrusion was not one which would be highly offensive to a reasonable person.
The appeal was allowed and the plaintiff’s motion to certify her action for intrusion upon seclusion was dismissed.
To learn more about Wise Health Law and our services, please contact us!
