College of Nurses of Ontario v. Armstrong-Fletcher, 2024 ONCNO 140481

Discipline Committee of the College of Nurses of Ontario

PANEL: Michael Hogard, RPN Chairperson Lynn Hall, RN Member Kerrie Naylor, RPN Member Lynda Carpenter Public Member

BETWEEN:

COLLEGE OF NURSES OF ONTARIO ALYSHA SHORE for College of Nurses of Ontario

• and -

SHELLEY ARMSTRONG-FLETCHER Registration No. HA12765 NO REPRESENTATION for Shelley Armstrong-Fletcher

PATRICIA HARPER Independent Legal Counsel

Heard: May 27, 2024

DECISION AND REASONS

Publication Ban

By Order of the Discipline Panel dated May 27, 2024, pursuant to subsection s.45(3) of the Health Professions Procedural Code of the Nursing Act, 1991, no one shall publish or broadcast the names of the patients, or any information that could disclose the identities of the patients, referred to orally or in any documents presented in the Discipline hearing of Shelley Armstrong-Fletcher.

This matter was heard by a panel of the Discipline Committee (the “Panel”) of the College of Nurses of Ontario (the “College”) on May 27, 2024 by videoconference.

The Allegations

The allegations against Shelley Armstrong Fletcher (the “Member”) as stated in the Notice of Hearing dated April 9, 2024 are as follows:

IT IS ALLEGED THAT:

1. You have committed an act of professional misconduct as provided by subsection 51(1)(c) of the Health Professions Procedural Code of the Nursing Act, 1991, S.O. 1991, c. 32, as amended, and defined in subsection 1(1) of Ontario Regulation 799/93, in that while you were employed as a Registered Practical Nurse at Cambridge Memorial Hospital in Cambridge, Ontario, you contravened a standard of practice of the profession or failed to meet the standards of practice of the profession when you:

(a) accessed personal health information in electronic medical records for approximately 900 patients, without consent, authorization or clinical purpose, between August 1, 2020 and August 10, 2021; and/or

(b) accessed the personal health information in Patient [A]’s electronic medical record without consent, authorization or clinical purpose on July 15, 2021; and/or

2. You have committed an act of professional misconduct as provided by subsection 51(1)(c) of the Health Professions Procedural Code of the Nursing Act, 1991, S.O. 1991, c. 32, as amended, and defined in subsection 1(37) of Ontario Regulation 799/93, in that while employed as a Registered Practical Nurse at Cambridge Memorial Hospital in Cambridge, Ontario, you engaged in conduct relevant to the practice of nursing that would reasonably be regarded by members of the profession as disgraceful, dishonourable or unprofessional, when you:

(a) accessed personal health information in electronic medical records for approximately 900 patients, without consent, authorization or clinical purpose, between August 1, 2020 and August 10, 2021; and/or

(b) accessed the personal health information in Patient [A]’s electronic medical record without consent, authorization or clinical purpose on July 15, 2021.

Member’s Plea

The Member admitted the allegations set out in paragraphs #1(a), #1(b), #2(a) and #2(b) in the Notice of Hearing. The Panel received a written plea inquiry which was signed by the Member. The Panel also conducted an oral plea inquiry and was satisfied that the Member’s admissions were voluntary, informed and unequivocal.

Agreed Statement of Facts

College Counsel and the Member advised the Panel that agreement had been reached on the facts and introduced an Agreed Statement of Facts, which reads, unedited and without exhibits mentioned therein, as follows:

THE MEMBER

1. Shelley Armstrong-Fletcher (the “Member”) registered with the College of Nurses of Ontario (“CNO”) as a Registered Practical Nurse (“RPN”) on January 1, 1981.

2. The Member has no prior CNO disciplinary history.

THE FACILITY

3. The Member was employed as a full-time nurse at Cambridge Memorial Hospital located in Cambridge, Ontario (the “Facility”) from November 2, 1981, until her termination on August 12, 2021.

4. The Member worked on a medicine unit (the “Unit”).

INCIDENTS RELEVANT TO ALLEGATIONS OF PROFESSIONAL MISCONDUCT

The Facility’s Electronic Medical Record (EMR) Database

5. The Facility uses electronic medical records (“EMRs”) for all patients.

6. The Facility’s system tracks who accesses EMRs and what parts of an individual EMR are accessed.

Unauthorized Access to Patient A’s Medical Record

7. Patient A is an employee of the Facility. She was admitted to the Facility’s Emergency Department (“ED”) on or around July 15, 2021.

8. After receiving a report that a member of staff on the Unit reviewed Patient A’s records without clinical purpose or consent/authorization, the Facility conducted an audit of accesses made to Patient A’s EMR.

9. The audit revealed that the Member accessed Patient A’s EMR on July 15, 2021 on two occasions for 8 and 33 seconds respectively. There was no clinical basis for the Member to access Patient A’s EMR.

10. The Facility met with the Member on August 9, 2021 to discuss the audit result. During the meeting, the Member admitted that sometimes she looked at patient records on the status board to see which patients may be admitted to the Unit from the ED or ICU. When asked if she remembered looking at a Facility employee ED Hold record, the Member said she did not recall doing so.

Further Audit Results of Unauthorized Access to Patient Records Without Consent

11. Following this meeting, the Facility ran a further audit of the Member’s patient records accesses from August 1, 2020, to August 10, 2021.

12. This audit identified that the Member accessed approximately 900 EMRs, without the patients’ consent, proper authorization, or clinical purpose.

13. In some instances, the Member viewed EMRs for patients who were never admitted to the Unit. In other cases, she viewed patient records for patients on the Unit, but on days when she was not working or outside of her scheduled hours.

14. Following the further audit, the Facility terminated the Member’s employment.

15. If the Member were to testify, she would state that she reviewed EMRs for patients in the ED or ICU to prepare for transfers or possible transfers to the Unit. If she accessed EMRs on days when she was not working or before her shift started, the Member would explain that she did so in order to anticipate the patient load on the Unit during her shift.

16. If the Member were to testify, she would advise that at the time she did not understand that accessing these records, for patients who were outside of her circle of care, was wrong or contrary to the standards of practice of the profession. She had not received a refresher course on confidentiality and privacy in many years.

17. Following this incident, the Member now understands that her conduct was inappropriate. She has undertaken further training regarding confidentiality and privacy.

18. The Member cooperated with CNO throughout its investigation. She admits and acknowledges that she had no clinical reason to access these EMRs, including that of Patient A, and did not have consent or authorization to do so. As a result, the Member admits that she breached these patients’ privacy by inappropriately accessing their EMRs.

CNO STANDARDS

Code of Conduct

19. CNO’s Code of Conduct is a standard of practice describing the accountabilities all Ontario nurses have to the public. The Code of Conduct consists of six principles including:

a. Nurses respect the dignity of patients and treat them as individuals;

b. Nurses work together to promote patient well-being;

c. Nurses maintain patients’ trust by providing safe and competent care;

d. Nurses work respectfully with colleagues to best meet patients’ needs;

e. Nurses act with integrity to maintain patients’ trust; and

f. Nurses maintain public confidence in the nursing profession.

20. CNO’s Code of Conduct provides, in relation to the principle requiring nurses to maintain patients’ trust by providing safe and competent care, that nurses are accountable to, and practice under, relevant laws and CNO’s standards of practice.

21. CNO’s Code of Conduct provides, in relation to the principle requiring nurses to act with integrity to maintain patients’ trust, that nurses protect the privacy and confidentiality of patients’ personal health information.

22. CNO’s Code of Conduct also provides, in relation to the principle requiring nurses to maintain public confidence in the nursing profession, that nurses are accountable for their own actions and decisions.

23. Attached as Exhibit “A” is a copy of CNO’s Code of Conduct which was in force at the time of the incidents.

Professional Standards

24. CNO’s Professional Standards provides an overall framework for the practice of nursing and a link with other standards, guidelines and competencies developed by CNO. It includes seven broad standard statements and indicators that illustrate how the standard may be demonstrated pertaining to accountability, continuing competence, ethics, knowledge, knowledge application, leadership and relationships.

25. CNO’s Professional Standards further provides, in relation to the ethics standard, that ethical nursing care means promoting the values of patient well-being, respecting patient choice, assuring privacy and confidentiality, respecting the sanctity and quality of life, maintaining commitments, respecting truthfulness and ensuring fairness in the use of resources.

26. In addition, CNO’s Professional Standards provides, in relation to the leadership standard, that leadership requires self-knowledge (understanding one’s beliefs and values and being aware of how one’s behaviour affects others), respect, trust, integrity, shared vision, learning, participation, good communication techniques and the ability to be a change facilitator. Nurses demonstrate their leadership by providing, facilitating and promoting the best possible care/service to the public and by role-modelling professional values, beliefs and attributes.

27. Attached as Exhibit “B” is a copy of CNO’s Professional Standards which was in force at the time of the incidents and has since been retired.

Confidentiality and Privacy: Personal Health Information

28. CNO’s Confidentiality and Privacy - Personal Health Information standard (“Privacy Standard”) largely incorporates the Personal Health Information Protection Act, 2004. The Privacy Standard provides that nurses have ethical and legal responsibilities to maintain the confidentiality and privacy of patient health information obtained while providing care. It requires that personal health information be kept confidential and secure. Nurses comply with the Privacy Standard by:

a. Seeking information about issues of privacy and confidentiality of personal health information;

b. Maintaining confidentiality of [patients’] personal health information with members of the healthcare team, who are also required to maintain confidentiality, including information that is documented or stored electronically;

c. Collecting only information that is needed to provide care;

d. Accessing information for her/his [patients] only and not accessing information for which there is no professional purpose; and

e. Safeguarding the security of computerized, printed or electronically displayed or stored information against theft, loss, unauthorized access or use, disclosure, copying, modification or disposal.

29. Attached as Exhibit “C” is a copy of CNO’s Privacy Standard which was in force at the time of the incidents.

30. The Member admits and acknowledges that she contravened CNO’s Code of Conduct, Professional Standards and Privacy Standard when she accessed the EMRs for approximately 900 patients without consent, authorization or clinical purpose between August 1, 2020 and August 10, 2021, including the EMR of Patient A.

ADMISSIONS OF PROFESSIONAL MISCONDUCT

31. The Member admits that she committed the acts of professional misconduct as alleged in paragraph 1 of the Notice of Hearing and that she contravened a standard of practice of the profession or failed to meet the standard of practice of the profession, as described in paragraphs 7 to 30 above.

32. The Member admits that she engaged in conduct or performed an act relevant to the practice of nursing that, having regard to all the circumstances, would reasonably be regarded by members as dishonourable and unprofessional, as alleged in paragraph 2 in the Notice of Hearing and as described in paragraphs 7 to 30 above.

Decision

The College bears the onus of proving the allegations in accordance with the standard of proof, that being the balance of probabilities based upon clear, cogent and convincing evidence.

Having considered the evidence and the onus and standard of proof, the Panel finds that the Member committed acts of professional misconduct as alleged in paragraphs #1(a), #1(b), #2(a) and #2(b) of the Notice of Hearing. As to allegations #2(a) and #2(b), the Panel finds that the Member engaged in conduct that would reasonably be regarded by members of the profession to be dishonourable and unprofessional.

Reasons for Decision

The Panel considered the Agreed Statement of Facts and the Member’s plea and finds that this evidence supports findings of professional misconduct as alleged in the Notice of Hearing.

Allegations #1(a) and #1(b) in the Notice of Hearing are supported by paragraphs 7 - 31 in the Agreed Statement of Facts. The Member was employed as a Registered Practical Nurse (“RPN”) at Cambridge Memorial Hospital (the “Facility”) on a medicine unit (the “Unit”) from November 2, 1981 to August 12, 2021. Patient A is an employee of the Facility and was admitted to the Facility’s Emergency Department (“ED”) on or around July 15, 2021. After receiving a report that a staff member on the Unit reviewed Patient A’s records on or around July 15, 2021, the Facility conducted an access audit on Patient A’s electronic medical record (“EMR”). The audit revealed that the Member had accessed Patient A’s EMR twice, and that there was no clinical basis for the Member to have accessed Patient A’s health record. The Facility met with the Member, and during the meeting, the Member admitted to looking at patient records but did not remember looking at Patient A’s ED records. Following the meeting, the Facility ran a further audit of the Member’s patient records accesses from August 1, 2020 to August 10, 2021, which identified that the Member had accessed approximately 900 health records without patients’ consent, proper authorization, or clinical purpose. The Member acknowledged that she accessed health records for patients on days when she was working, days when she was not working or before her shift started.

The Member’s conduct breached the College’s Code of Conduct which states that: “Nurses act with integrity to maintain patients’ trust” and “Nurses maintain public confidence in the nursing profession.” It also states that: “Nurses are accountable to, and practice under, relevant laws and CNO’s standards of practice.” The College’s Code of Conduct requires that: “Nurses act with integrity to maintain patients’ trust”, “Nurses protect the privacy and confidentiality of patients’ personal health information” and “Nurses are accountable for their own actions and decisions.” Accessing patients records for no clinical reasons does not maintain patients’ trust and the Member did not protect the privacy of the patients’ personal health records.

The Member’s conduct breached the College’s Professional Standards in relation to the Ethics practice standard, which provides that “Ethical nursing care means promoting the values of client well-being, respecting client choice, assuring privacy and confidentiality.”

The Member admitted and acknowledged that accessing personal health information without professional purpose breached the College’s Professional Standards.

The Member’s conduct also breached the College’s Confidentiality and Privacy – Personal Health Information Standard (“Privacy Standard”), which incorporates and confirms the obligations of nurses under the Personal Health Information Protection Act, 2004. In particular, the Privacy Standard states that a nurse meets the standard with respect to personal health information practices by “accessing information for her/his clients only and not accessing information for which there is no professional purpose” and “collecting only information needed to provide care.” The Member accessed approximately 900 patient records without a professional purpose and when it was not necessary to provide care.

Allegations #2(a) and #2(b) in the Notice of Hearing are supported by paragraphs 7 - 30 and 32 in the Agreed Statement of Facts. The Panel finds that the Member’s conduct in accessing health records of individuals outside of her circle of care and for no clinical purpose was clearly relevant to the practice of nursing. She had access to the records through her employment as a nursing professional. The Member’s conduct was unprofessional as it demonstrated a serious and persistent disregard for her professional obligations by breaching the Code of Conduct, the Professional Standards and the Privacy Standard.

The Panel also found that the Member’s conduct was dishonourable. It demonstrated an element of moral failing through the repeated unauthorized access of health records involving approximately 900 patients. The Member repeatedly breached the public's trust. The Member also knew or ought to have known that her conduct was unacceptable and fell below the standards of a professional.

Penalty

College Counsel and the Member advised that a Joint Submission on Order had been agreed upon and requested that the Panel make the following order:

1. Requiring the Member to appear before the Panel to be reprimanded within 3 months of the date that this Order becomes final.

2. Directing the Executive Director to suspend the Member’s certificate of registration for 4 months. This suspension shall take effect from the date that this Order becomes final and shall continue to run without interruption as long as the Member remains in a practicing class.

3. Directing the Executive Director to impose the following terms, conditions and limitations on the Member’s certificate of registration:

a) The Member will attend a minimum of 2 meetings with a Regulatory Expert (the “Expert”) at the Member’s own expense and within 6 months from the date this Order becomes final. If the Expert determines that a greater number of sessions are required, the Expert will advise CNO regarding the total number of sessions that are required and the length of time required to complete the additional sessions, but in any event, all sessions shall be completed within 12 months from the date that this Order becomes final. To comply, the Member is required to ensure that:

i. The Expert has expertise in nursing regulation and has been approved by CNO in advance of the meetings;

ii. At least 5 days before the first meeting, or within another timeframe approved by the Expert, the Member provides the Expert with a copy of:

1. the Panel’s Order,

2. the Notice of Hearing,

3. the Agreed Statement of Facts,

4. this Joint Submission on Order, and

5. if available, a copy of the Panel’s Decision and Reasons;

iii. Before the first meeting, the Member reviews the following CNO publications and completes the associated Reflective Questionnaires, online learning modules and decision tools (where applicable):

1. Code of Conduct, and

2. Confidentiality and Privacy – Personal Health Information;

iv. Before the first meeting, the Member reviews Circle of Care: Sharing Personal Health Information for Health-Care Purposes, as released by the Information and Privacy Commissioner of Ontario;

v. At least 5 days before the first meeting, or within another timeframe approved by the Expert, the Member provides the Expert with a copy of the completed Reflective Questionnaires;

vi. The subject of the sessions with the Expert will include:

1. the acts or omissions for which the Member was found to have committed professional misconduct,

2. the potential consequences of the misconduct to the Member’s patients, colleagues, profession and self,

3. strategies for preventing the misconduct from recurring,

4. the publications, questionnaires and modules set out above, and

5. the development of a learning plan in collaboration with the Expert;

vii. Within 30 days after the Member has completed the last session, the Member will confirm that the Expert forwards their report to CNO, in which the Expert will confirm:

1. the dates the Member attended the sessions,

2. that the Expert received the required documents from the Member,

3. that the Expert reviewed the required documents and subjects with the Member, and

4. the Expert’s assessment of the Member’s insight into the Member’s behaviour;

viii. If the Member does not comply with any one or more of the requirements above, the Expert may cancel any session scheduled, even if that results in the Member breaching a term, condition or limitation on the Member’s certificate of registration;

b) For a period of 12 months from the date the Member returns to the practice of nursing, the Member will notify the Member’s employers of the decision. To comply, the Member is required to:

i. Inform any employer of the decision prior to commencing or prior to resuming employment in any nursing position;

ii. Ensure that CNO is notified of the name, address, and telephone number of all employer(s) within 14 days of commencing or resuming employment in any nursing position;

iii. Provide the Member’s employer(s) with a copy of:

1. the Panel’s Order,

2. the Notice of Hearing,

3. the Agreed Statement of Facts,

4. this Joint Submission on Order, and

5. a copy of the Panel’s Decision and Reasons, once available;

iv. Ensure that within 14 days of the commencement or resumption of the Member’s employment in any nursing position, the employer(s) forward(s) a report to CNO, in which it will confirm:

1. that they received a copy of the required documents, and

2. that they agree to notify CNO immediately upon receipt of any information that the Member has breached the standards of practice of the profession.

3. All documents delivered by the Member to CNO, the Expert or the employer(s) will be delivered by verifiable method, the proof of which the Member will retain.

College Submissions on Penalty

College Counsel made submissions which included the following.

College Counsel reviewed the principles of penalty orders. Penalty orders are intended to protect the public and enhance the public’s confidence in the profession’s ability to self-regulate. Penalty orders protect the public through specific deterrence with respect to the Member, general deterrence with respect to the profession at large, and remediation and rehabilitation of the Member. College Counsel submitted that in meeting those objectives, the Panel should consider the aggravating and mitigating circumstances of the case.

College Counsel submitted that the aggravating factors in this case were:

• The Member’s extensive pattern of unauthorized access of patient health records over a one year period;

• The Member repeatedly breached the public’s trust and repeatedly breached patient confidentiality; and

• The Member’s extensive unauthorized access of patient health records and breach of the standards discredit the profession.

The mitigating factors in this case were:

• The Member is a longstanding member of the College;

• The Member had no prior discipline history with the College;

• The Member admitted to the allegations and accepted responsibility by entering into an Agreed Statement of Facts and a Joint Submission on Order with the College;

• The Member showed extreme remorse and regret for her actions; and

• There was no disclosure of information to a third party.

College Counsel submitted the following cases to the Panel to demonstrate that the proposed penalty fell within the range of similar cases from this Discipline Committee:

CNO v. Fazzari (Discipline Committee, 2022): This hearing proceeded by way of an Agreed Statement of Facts and a Joint Submission on Order. In this case, the member accessed electronic health records for a large number of patients who were not in her circle of care. An aggravating factor was that the member accessed electronic medical records of individuals she knew. The penalty included an oral reprimand, a three-month suspension of the member’s certificate of registration, two meetings with a Regulatory Expert, 18 months of employer notification and three random spot audits of the member’s accesses to electronic health records.

CNO v. Trudel (Discipline Committee, 2018): This hearing proceeded by way of an Agreed Statement of Facts and a Joint Submission on Order. In this case, the member accessed information for a number of patients she knew and used the information for her own purpose. The penalty included an oral reprimand, a four-month suspension of the member’s certificate of registration, two meetings with a Nursing Expert and 12 months of employer notification.

CNO v. McLellan (Discipline Committee, 2016): This hearing proceeded by way of an Agreed Statement of Facts and a Joint Submission on Order. In this case, the member accessed 5,800 electronic records of patients over a seven-year period. The penalty included an oral reprimand, a four-month suspension of the member’s certificate of registration, two meetings with a Nursing Expert, 18 months of employer notification and three random audits of the member’s accesses to electronic health records.

Member’s Submissions

The Member did not make any submissions with respect to penalty.

Penalty Decision

The Panel accepted the Joint Submission on Order and made the order requested.

Reasons for Penalty Decision

There is a high threshold for departing from a Joint Submission on Order established by the Supreme Court of Canada in R. v. Anthony-Cook, 2016 SCC 43. Departing from a joint submission would require a finding that the proposed penalty would bring the administration of justice into disrepute or is otherwise contrary to the public interest.

The Panel concluded that the proposed penalty is not contrary to the public interest and does not bring the administration of justice into disrepute.

The Panel concluded that the proposed penalty is reasonable and in the public interest. It promotes public confidence in the ability of the College to regulate nurses.

The Panel finds that the proposed penalty satisfies the penalty goals of specific and general deterrence, rehabilitation and remediation, and public protection.

The proposed penalty provides for general deterrence through the four-month suspension of the Member’s certificate of registration and the 12 months of employer notification, which send a message to the profession as a whole that unauthorized access to personal health information is a serious breach and will not be tolerated.

The proposed penalty provides for specific deterrence through the oral reprimand and the 4-month suspension of the Member’s certificate of registration, , as well as the 12 months of employer notification, which will send a strong signal that should deter the Member from future professional misconduct.

The proposed penalty provides for remediation and rehabilitation through a minimum of two meetings with a Regulatory Expert and review of the College’s publications. This will assist the Member with her return to ethical practice.

Overall, the public is protected through the four-month suspension of the Member’s certificate of registration, the 12 months of employer notification and the two meetings with a Regulatory Expert.

The Panel acknowledges that the Member has co-operated with the College and, by agreeing to the facts and a proposed penalty, has accepted responsibility, which is a mitigating factor.

The penalty is in line with the range of what has been ordered in previous similar cases, as demonstrated by the cases submitted and referred to by College Counsel.

I, Michael Hogard, RPN, sign this decision and reasons for the decision as Chairperson of this Discipline Panel and on behalf of the members of the Discipline Panel.