PHIPA Does Not Preclude the Recourse to Common Law for Health Privacy Violations
‘‘With the click of a mouse, personal health records can be accessed by those who have a legitimate interest in properly treating a patient – or they can be accessed for an improper purpose.’’
These were the opening words of the Ontario Superior Court in the case of Hopkins v. Kay where Representative Plaintiffs sought to bring a class action suit against a hospital and other defendants, alleging that approximately 280 patient records of the Peterborough Regional Health Centre (the ‘‘Hospital’’) were intentionally and wrongfully accessed by the Hospital’s staff and others.
The Plaintiffs based their claim on the tort of intrusion upon seclusion or breach of privacy based on Jones v. Tsige, 2012 ONCA 32. The Hospital in turn sought an order from the Superior Court to strike the Plaintiff’s statement of claim, taking the position that the essential character of the Plaintiff’s claim falls squarely within the scope of the Personal Health Information Act (‘‘PHIPA’’), contending that it constitutes a comprehensive legislative scheme dealing specifically with personal information in the health care context. Fundamentally, the Hospital takes the position that PHIPA has ‘‘occupied the field’’ and, as such, the claims by the Plaintiffs based on a common law tort are precluded by PHIPA. The Plaintiffs take the position that their claim for breach of privacy has been recently recognized by the Ontario Court of Appeal in Jones v. Tsige and that PHIPA does not oust the jurisdiction of the common law courts on this matter.
The motion judge refused to strike the claim and held that it was not plain and obvious that the claim based on Jones v. Tsige could not succeed. The Hospital appealed the decision.
The Hospital’s appeal raised the following issue: ‘‘Does PHIPA create an exhaustive code governing patient records that precludes common law claims for breach of privacy and ousts jurisdiction of the Superior Court?’’. The Court followed a three-part analysis, considering: (1) the intent of the legislator to create an exhaustive code, (2) the essential character of the claim, and (3) whether PHIPA provides effective redress. The appeal was dismissed.
The Intent of the Legislator to Create an Exhaustive Code
Firstly, the Court considers whether PHIPA creates and exhaustive code governing patient records. The language of PHIPA was examined to find an implied intention to create an exhaustive code, as it does not explicitly state anything on the question of exclusivity. The Court concludes that the language of PHIPA does not imply a legislative intention to create an exhaustive code in relation to personal health information for the following reasons.
While PHIPA does contain a very exhaustive set of rules and standards for custodians of personal health information, details regarding the procedure or mechanism for the resolution of disputes are sparse. In fact, the nature of the process established by PHIPA is to facilitate the Commissioner’s investigation into systemic issues – it is not a process designed for the resolution of all individual complaints.
Moreover, the act itself expressly contemplates other proceedings in relation to personal health information and, to the extent PHIPA does provide for individual remedies, it turns to the courts for enforcement as the Commissioner has no power to award damages.
In conclusion, it is held that PHIPA provides for an informal and highly discretionary review process that is not tailored to deal with individual claims.
The Essential Character of the Claim
Secondly, the Court examines the ‘‘essential character of the claim’’ to assess whether the claim is regulated by PHIPA. The respondent’s claim does not rely on a breach of PHIPA but rather is based solely upon a common law right of action. In fact, proving a breach of PHIPA falls well short to what is required to make out the Jones v. Tsige claim. The elements of the tort require a plaintiff to establish (1) intentional or reckless conduct by the defendant, (2) that the defendant invaded without lawful justification, the plaintiff’s private affairs or concerns and (3) that a reasonable person would regard the invasion as highly offensive, causing distress humiliation or anguish. The first and third elements represent significant hurdles that are not required to prove a breach of PHIPA. This comparison leads the Court to conclude that allowing actions based on Jones v. Tsige would not undermine the PHIPA scheme. It cannot be said that a plaintiff, by launching a common law action, is ‘‘circumventing’’ any substantive provision of PHIPA.
Effective Redress Under PHIPA
Thirdly, the Court considers whether PHIPA’s dispute resolution procedure provides effective redress. The discretionary review procedure, as well as the Commissioner’s explicitly stated intention to focus on systemic issues, leads the Court to conclude otherwise. The Court finds that many individual complaints that could give rise to a proper claim in common law will likely not result in an order from the Commissioner. Moreover, the broad discretion conferred on the commissioner by PHIPA means that complainants would face an expensive uphill fight on any judicial review challenging a decision not to review or proceed with an individual complaint.
In conclusion, the court disagrees with the contention that it should imply within the PHIPA a legislative intention to confer exclusive jurisdiction on the Commissioner to resolve all disputes over misuse of personal health information. The essential character of the claim does not undermine the PHIPA scheme and, in the absence of an effective dispute resolution procedure, there is no merit to the suggestion that the Court should decline to exercise its jurisdiction.
This case provides guidance regarding the stringent circumstances under which a Canadian court will refuse to assert common law jurisdiction over cases resulting from breaches of privacy when concurrent statutes aimed at protecting personal information, such as PHIPA, are invoked.
 2014 ONSC 321.
 Hopkins v. Kay, 2015 ONCA 112.
health privacy violations Ontario Superior Court Personal Health Information Act PHIPA