Back in 2012, the Ontario Court of Appeal recognized the tort of invasion of privacy – fast forward to the recent string of privacy breaches of personal information held by health care facilities in Ontario. Along comes Hopkins v Kay, 2014 ONSC 321 (CanLII), where patients from the Peterborough Regional Health Centre have launched a $5.6 million class action lawsuit against the Hospital alleging that approximately 280 patient records were intentionally and unlawfully accessed and disseminated to third parties without the patients’ consent.
The Hospital brought a motion to strike the plaintiffs’ claim on the basis that it did not disclose a cause of action arguing that the claim was precluded by the Personal Health Information Protection Act, 2004, SO 2004, c 3, Sch A (“PHIPA”) because the legislature intended PHIPA to be a comprehensive code that displaces any common law cause of action, including intrusion upon seclusion (aka the tort of breach of privacy). The Hospital’s position was that the plaintiffs’ only recourse was a complaint to the Privacy Commissioner.
The Ontario Superior Court of Justice dismissed the Hospital’s motion to strike, concluding that it was not plain and obvious that the claim disclosed no reasonable cause of action. The Hospital appealed this decision and lost. The Ontario Court of Appeal held that the Hospital could not escape the proposed class action proceeding on the basis of the provisions of PHIPA.
Now that Hopkins has thrown the doors wide open to potential tort claims against custodians of health information for privacy breaches, the health care community needs to be even more vigilant in its efforts to protect the privacy of health information.