by Victoria Tremblett August 13, 2022 3 min read

Privacy of personal information is a fundamental value of the law recognized in Charterjurisprudence. This includes privacy of one’s personal health information.

The tort of intrusion upon seclusion was first recognized by the Ontario Court of Appeal in Jones v Tsige,2012 ONCA 32, in order to provide a remedy to individuals whose informational privacy has been breached.

However, as explained in Stewart v Demme,2022 ONSC 1790, the threshold for intrusion upon seclusion is high, as the intrusion must be “highly offensive” to a reasonable person in the circumstances. Accordingly, not every breach of privacy of personal health information will automatically support a claim of intrusion upon seclusion.

The Tort of Intrusion Upon Seclusion

In Jones v Tsige,the Court of Appeal found that the facts of the case cried out for a remedy. The defendant and plaintiff did not know each other, but worked for different branches of the same bank. The plaintiff entered into a common law relationship with the defendant’s ex-husband, following which the defendant used her work computer to access the plaintiff’s personal banking information over 174 times over approximately 4 years.

The Court therefore recognized the tort of intrusion upon seclusion, consisting of the following elements:

  1. The defendant’s conduct is intentional (or reckless);
  2. The defendant invades, without lawful justification, the plaintiff’s private affairs or concerns;
  3. The nature of the invasion is such that a reasonable person would regard it as highly offensive, causing distress, humiliation, or anguish.

The Context of Personal Health Information:  Stewart v Demme,2022 ONSC 1790

In Stewart v Demme, 2022 ONSC 1790, the court considered the tort of intrusion upon seclusion in the context of personal health information. The defendant, Ms. Demme, was a nurse employed by the Defendant hospital. Over the course of approximately 10 years, Ms. Demme accessed over 11,000 individual patient records in order to facilitate theft of narcotics. The records accessed included both patients to whom Ms. Demme provided care, or were patients on her unit, as well as other patients of the Hospital who were not within her circle of care and to whom she did not provide care.

Ms. Demme would access the patient’s records on the automated medication dispensing unit located on the day surgery unit where she worked. She would select a patient name, following which the screen would display the patient’s identification number, the hospital unit they had visited, any allergies to medications, and sometimes the medications dispensed to that patient in the last 32 hours. Ms. Demme would access the records briefly, for a matter of seconds, obtaining only the information necessary to open the medication dispensing drawer. On cross-examination Ms. Demme said that the only reason she accessed the patient records was to facilitate theft of the narcotics.

A proposed class action was commenced against the Hospital and Ms. Demme, and was certified to proceed with a claim for intrusion upon seclusion. The certification turned on the third element of the test – whether the nature of the invasion is such that a reasonable person would regard it as highly offensive, causing distress, humiliation, or anguish. The certification judge’s decision to certify the class action was influenced by the nature of the privacy interest infringed. The certification judge held that “any intrusion - even a very small one - into a realm as protected as private health information may be considered highly offensive."

The hospital appealed the certification to the Divisional Court, arguing that the nature of the invasion was not “highly offensive” when viewed objectively. The Divisional Court agreed, and allowed the appeal.

Justice Sachs specifically stated that “[n]ot every intrusion into private health information amounts to a basis to sue for the tort of intrusion upon seclusion.” The particular intrusion must be highly offensive to a reasonable person with regard to relevant circumstances.

While it is not an element of the cause of action that the facts must “cry out for a remedy,” Justice Sachs held that it does inform the analysis as it is “designed to offer a remedy in situations where the privacy intrusion is very serious, not [in] any privacy intrusion [emphasis added].”

In this case, each patient record was accessed briefly, for a matter of seconds, for the sole purpose of obtaining the narcotics. The information accessed was limited (as described above) and access was fleeting. Ms. Demme did not retain or share the information. Thus, while Ms. Demme did access personal health information, the intrusion was not one which would be highly offensive to a reasonable person.

The appeal was allowed and the plaintiff’s motion to certify her action for intrusion upon seclusion was dismissed.



Also in Blog

Limitation Period in Actions for Medical Malpractice: Discovery of the Claim vs. Merits of the Claim
Limitation Period in Actions for Medical Malpractice: Discovery of the Claim vs. Merits of the Claim

by Victoria Tremblett September 08, 2022 4 min read

Discovery of a claim will not be tied to receipt of supportive expert reports where the plaintiff was previously aware of the material facts.
Deferring to the Most Responsible Physician can Lead to Liability
Deferring to the Most Responsible Physician can Lead to Liability

by Mina Karabit September 02, 2022 3 min read

Even if only involved as a consultant, a physician can be found negligent for deferring to the decisions of the MRP.
Bad Faith Allegations Against a Regulatory College are Difficult to Prove
Bad Faith Allegations Against a Regulatory College are Difficult to Prove

by Mina Karabit August 20, 2022 4 min read

Without particularized evidence of malice, a civil claim against a regulatory College for bad faith will likely fail.