As a result of the breaches of privacy, the Plaintiffs commenced a class action against the employees of the Hospital (who allegedly accessed the records), as well as against the Hospital itself for failing to supervise those employees.
The central issue: is PHIPA a "complete code"?
The Hospital moved under Rule 21.01(a) and (b) to strike the statement of claim on the basis that it disclosed no reasonable cause of action. The issue before Justice Edwards of the Superior Court, and subsequently on appeal, was whether or not privacy breaches involving health information must be dealt with exclusively under PHIPA. If PHIPA was indeed a "complete code", then individuals whose health information privacy is breached can look only to the statute for a remedy, and importantly, could not bring a court action for intrusion upon seclusion.4
"The Court of Appeal upheld the decision of Justice Edwards in holding that PHIPA is not a complete code, and therefore, the Plaintiffs` class action was entitled to continue." |
The Court of Appeal upheld the decision of Justice Edwards in holding that PHIPA is not a complete code, and therefore, the Plaintiffs` class action was entitled to continue.
The Reasoning of the Court of Appeal
The Court of Appeal referred to the decision of Justice Cromwell (as he then was) in Pleau v. Canada,5 for the three factors the courts should consider when attempting to determine if a legislative scheme is a complete code:
- The process for dispute resolution;
- The nature of the dispute; and
- The capacity of the scheme to afford effective redress.
The Court of Appeal acknowledged at the outset that PHIPA is a broad piece of legislation: it contains seven parts and seventy-five sections the deal with all facets of protecting health information. The Court recognised that Part VI, which deals with enforcement and administration, which grants the PHIPA Commissioner "extensive procedural and investigate powers in relation to complaints (ss. 59-60) and the power to make a variety of orders".6
However, the Court opined on the discretionary and public-policy role of the Commissioner. In fact, the PHIPA Commissioner (who intervened on behalf of the Plaintiffs), argued that the role of the Commissioner is to focus on systemic issues, rather than individual complaints.7
The Court then focused on areas where PHIPA intertwines with the Court system: i.e. the Commissioner can refuse to deal with complaints that are better left to another tribunal (s. 57(4)(b));8 immunity in an action is granted to entities who have, in good faith, attempted compliance with the statute (s. 71);9 and damages must be sought in the Court once the Commissioner has made an Order (s. 65).10
In the final paragraphs of the decision, the Court canvassed the Defendants' case law, and distinguished each one.
Conclusion
For better or for worse, the tort of intrusion upon seclusion is here to stay. Under the Court of Appeal's rationale in Hopkins, it is unlikely that any of the privacy statutes throughout Canada will oust the tort.
For businesses that in any way interact with the private information of others, it is vital that they comply with many requirements the statutes impose. The lawyers in McCague Borlack's privacy law and investigations practice group are experienced in spotting these issues before they become costly.
1 S.O. 2004, c. 3, Sch A.
2 Hopkins v. Kay, 2015 ONCA 112 at para. 14 [ONCA - Hopkins].
3 Hopkins v. Kay, 2015 ONSC 321 at para. 3 [ONCA - Hopkins].
4 See Ruth Sullivan, Sullivan on the Construction of Statutes, 6th ed (Markham, Ont: LexisNexis Canada, 2014) at para. 17.20, cited by ONCA - Hopkins at para. 29.
5 1999 NSCA 159.
6 ONCA - Hopkins, at para. 21.
7ONCA - Hopkins, at para. 56.
8 ONCA - Hopkins, at para. 39.
9 ONCA - Hopkins, at para. 41.
10 ONCA - Hopkins, at para. 42.
