Hopkins v Kay: Health Law Information Remains Protected by the Common Law
In Hopkins v Kay, 2015 ONCA 112 the Ontario Court of Appeal (“ONCA”) ensured that parties who suffer misuse of their private health information can claim common law damages against the wrongdoer. The court found that statutory damages under the Personal Health Information Protection Act, 2004, SO 2004, c 3, Sch A [PHIPA], did not create an exhaustive means of redress.
This case arose from a massive violation of patient information in Ontario. The respondent, Erkenraadje Wensvoort, was one of 280 patients who had their health information improperly accessed and who were notified of the breach, as is required by PHIPA.
The respondent had previously sought medical care for injuries inflicted by her ex-husband, whom she had subsequently left and hidden from. She feared that the breach was actually an attempt by him to locate her.
She claimed damages through the tort of intrusion upon seclusion against the hospital employees who conducted the searches.
The main issue was whether PHIPA, a statute designed to govern health information, was an exclusive code that barred common law actions predicated on the misuse of such data.
The appellants argued that PHIPA established an exhaustive code of law, and that allowing the respondent’s claim would “contradict the statutory scheme, defeat the intention of the legislature and undermine the policy choices embodied in [PHIPA]” (para 28). The respondents disagreed.
Did PHIPA create an exhaustive code that prevented a common law claim of damages?
An exhaustive code is a type of statute that “is meant to offer an exclusive account of the law in an area; it occupies the field in that area, displacing existing common law rules and cutting off further common law evolution” (para 29; citing Ruth Sullivan, Sullivan on the Construction of Statutes, 6th ed (Markham, Ont: LexisNexis Canada, 2014)). If PHIPA is such a statute, a court could entertain this claim.
The courts use a three factors to determine whether a statute is the exclusive authority in an area:
- The language of the statute, and in particular the legislative process for dispute resolution;
- The nature of the dispute, and how the legislative scheme interacts with it; and
- The regime’s ability to provide effective redress.
PHIPA’s Language and Process
The ONCA determined that while PHIPA established comprehensive rules pertaining to the collection, use and disclosure of health information, “details regarding the procedure or mechanism for the resolution of disputes are sparse” (para 37). Thus, while the regime was clearly designed to address systematic concerns, “[its] procedure is not designed for the resolution of all individual complaints” (para 38). In fact, the ONCA found PHIPA to “expressly [contemplate] the possibility of other proceedings” (para 45).
This factor weighed against the appellant’s claim.
The Nature of the Claim
The ONCA also held that the tort of intrusion upon seclusion is distinct form the sorts of claims that can be made under PHIPA. In particular, “[t]he first and third elements of the common law claim represent significant hurdles not required to prove a breach of PHIPA” (para 48). Moreover, “[t]he elements of the common law cause of action are, on balance, more difficult to establish than a breach of PHIPA…” (para 52). Given the differences between the doctrines, it could not be said the respondent’s claim undermined PHIPA.
The Issue of Redress
The ONCA found, based on the historical use of PHIPA’s enforcement mechanisms, that “many individual complaints that could give rise to a proper claim in common law will not” be redressed through PHIPA’s existing procedures (para 59). PHIPA was intended, and has been used as such, to address systemic issues, not personal wrongs. The ONCA felt that the common law was still necessary to ensure that parties who suffer a misuse of their medical information have some ability to seek personal redress.
The ONCA held that PHIPA was not an exclusive code and did not bar the respondent’s claim.
In this decision, the ONCA clearly felt the need to maintain potent incentives against the misuse of health information. Given the incredibly sensitive nature of the information compiled when seeking medical care, it is hard to fault the court for reaching such a conclusion. Misusing personal health information could have a devastating impact on the victim’s life. Establishing appropriate deterrence is clearly necessary.
Moreover, this decision is just. While damages will normally be a “modest conventional sum” in this particular claim, when proof of actual harm is established (beyond the actual improper access of the information) damages will be awarded as necessary (para 50; citing Jones v Tsige, 2012 ONCA 32, para 71).
In essence, this decision merely held that a statutory framework, intended to provide more effective care to patients, did not rob the intended beneficiaries of another benefit conferred by law: the right to seek compensation when their interests are violated.