In any healthcare system, safeguarding patient privacy is not only an ethical matter: it presents a legal imperative. Recent events in Ontario have brought this imperative into sharp focus, with the termination for cause of eight employees at Hamilton Heath Sciences (HHS) due to a serious privacy breach. These employees accessed patient records without proper authorization, exposing nearly 4,000 patients’ confidential information. This information ranged from including sensitive medical histories to non-medical personal data.

What Constitutes “Cause” in Termination for Employee Misconduct?

Unsurprisingly, HHS terminated these employees for cause. Cause can flow from either one single event that breaches the employment agreement as experienced by the employees who breached patient records or a series of smaller, less serious infractions, followed by warnings from the employer. These warnings signal that further similar conduct will result in further discipline and/or dismissal for cause. Ordinarily, due to the gravity of the misconduct, breaches of confidentiality and unauthorized access to sensitive data would be considered grounds for a termination for cause, if deliberate. However, the specific circumstances of each employee’s involvement in the unauthorized access will likely be scrutinized to determine if their actions warranted such a dismissal.

At the same time, the Personal Information Protection and Electronic Documents Act (PIPEDA) governs the collection, use, and disclosure of personal information by private sector organizations. The breach at HHS may have violated PIPEDA, potentially leading to fines and penalties if the Privacy Commissioner of Canada made a finding that the institution failed to adequately protect patient data. Affected patients may also be able to seek compensation for any harm they suffered as a result of the breach and the leaking of their personal information. Finally, the College of Nurses of Ontario and the Information and Privacy Commissioner of Ontario may decide to conduct investigations into the actions of the healthcare institution and its employees.

This incident underscores the importance of healthcare institutions maintaining robust data security measures, not only to protect patient confidentiality but also to avoid legal ramifications. It serves as a reminder to healthcare institutions that heightened vigilance is necessary and demanded from them with respect to safeguarding patient data.

How Can Individuals Contact Whitten & Lublin for Legal Consultation?

At Whitten & Lublin, we understand that facing a termination for cause can be a stressful and challenging experience. Our experienced employment lawyers can help you navigate your legal options and ensure that you receive the compensation you deserve. We encourage anyone affected by the recent layoffs in Canada to contact us for a consultation either online or by phone at (416) 640 -2667 today.

Author – Carson Healey