CITATION: Stewart v. Demme, 2022 ONSC 1790
DIVISIONAL COURT FILE NO.: 33/20 & 41/20
DATE: 2022/03/24
ONTARIO
SUPERIOR COURT OF JUSTICE
DIVISIONAL COURT
Sachs, J.A. Ramsay and Nishikawa JJ.
BETWEEN:
PENNY STEWART
Plaintiff (Respondent)
– and –
CATHARINA DEMME and WILLIAM OSLER HEALTH SYSTEM
Defendants (Appellants)
Christopher Du Vernet and Carlin McGoogan, for the Plaintiff (Respondent)
Patrick Hawkins and Daniel Girlando, for the Defendant (Respondent), William Osler Health System
Michael Burgar, for the Defendant (Respondent), Catharina Demme
HEARD at Toronto by videoconference: March 8, 2022
H. Sachs J.
Introduction
[1] This case arises out of a large narcotics theft by the Defendant, Catharina Demme, who was a nurse employed by the Defendant, William Osler Health System (the “Hospital”). Over a period of 10 years, Ms. Demme stole thousands of Percocet pills from a medication automated dispensing unit (“ADU”) at the Hospital. In order to obtain access to the pills, Ms. Demme viewed limited patient information of thousands of patients, some of whom were on her unit and some of whom were not.
[2] When the Hospital discovered the thefts, it contacted all the affected patients and this class action was commenced seeking damages for intrusion upon seclusion and negligence. On January 6, 2020, Morgan J. (the “certification judge”) certified the action as a class proceeding and dismissed the summary judgment motion brought by the Defendants. In doing so, the certification judge certified the intrusion upon seclusion claim but not the negligence claim.
[3] This is an appeal by the Defendants from that decision. For the reasons that follow, I would allow the appeal. As the certification judge found, this was not a case that cries out for a remedy. In light of his factual findings regarding the nature and seriousness of the intrusion, he erred in concluding that the claim met the threshold necessary to disclose a tenable cause of action in intrusion upon seclusion. As set out by the Court of Appeal in Jones v. Tsige, 2012 ONCA 32, 108 O.R. (3d) 241 (“Jones”), intrusion upon seclusion is a limited and specific tort developed for cases where there was a “deliberate and significant invasion” of “highly personal information” that would be “highly offensive to a reasonable person.” While the information accessed was health information, the information accessed was limited and the access was fleeting and incidental to the medication theft. Ms. Demme was not “after” the information, nor did she retain it or share it with anyone else. The medication theft cried out for a remedy, which was forthcoming; the privacy intrusion did not.
Factual Background
[4] In this portion of my reasons, I will briefly summarize the facts as found by the certification judge.
The Underlying Theft
[5] Ms. Demme was employed by the Hospital as a nurse from 2007 to December of 2016. During this period, she stole opioids on an almost daily basis. The Hospital estimates that Ms. Demme illegally obtained a total of 23,932 Percocet pills.
[6] After the Hospital discovered the thefts, it terminated Ms. Demme’s employment and revised its practices with respect to prescription drugs to prevent what happened from reoccurring. Ms Demme was criminally prosecuted and convicted of theft. She is no longer allowed to practise as a nurse.
The Intrusion into Patient Records
[7] In the course of her illegal activities, Ms. Demme improperly accessed the individual records of 11,358 patients. The certification judge divided these patients into two classes – those who were patients within Ms. Demme’s circle of care or on the day surgery unit where she worked and those who were not within her circle of care but were patients of the Hospital.
[8] Ms. Demme used the ADU in the day surgery unit to effect the theft. For those patients who were not on her unit, this meant that she randomly chose a patient’s name from the screen and when she clicked on the next box, in addition to the patient’s name, she would see the patient’s identification number, the hospital unit they had visited and if applicable, any allergy information. Sometimes the screen would also show any medication they had taken during the last 32 hours. The way the ADU worked, Ms. Demme could then move on to have the machine dispense medication to her without letting anyone know that it was for her own use.
[9] For the patients who were in Ms. Demme’s circle of care, there was evidence that she also accessed their paper charts. However, the certification judge was prepared to accept that her access to this information was for one purpose and one purpose only – to obtain drugs. For this she did not need to access much information, she did not need to retain or pass on the information and she did not need to spend much time with the information. As put by the certification judge:
[16] In any case, Ms. Demme’s evidence is that her only interest in improperly accessing any patient’s records – whether a paper file or a digital one through the ADU – was to obtain drugs. The first screen that she came across after clicking on the name of a patient appears to have contained all the information she needed. In cross-examination, Ms. Demme explained that each time she accessed a patient file for this purpose so she acted as quickly as possible, staying in any one file a minimal amount of time before moving on the next patient.
[17] There is little reason to doubt the credibility of Ms. Demme’s description. In the first place, the ADU records verify the fact that she accessed each patient’s records for a matter of seconds. Moreover, it stands to reason that she was interested in obtaining opioids, not information or knowledge of a patient’s file. There is no evidence, nor is there reason to suspect, that Ms. Demme pursued any patient records beyond what was needed to open the medication dispensing drawer. She was, by her own admission, a drug addict; she improperly accessed these records to feed her craving for narcotics, and not to satisfy any other need for patients’ health information.
[26] …Ms. Demme improperly accessed over 11,000 patent files for a brief moment or two during her 10-year crime spree; of that there is no doubt. But on the evidence before me, that illegal conduct does not appear to have resulted in actual medical mistreatment – certainly not on a class-wide basis.
The Certification Judge’s Decision to Certify a Cause of Action for Intrusion Upon Seclusion
[10] The certification judge reviewed the elements of the tort as set out by the Court of Appeal and found that the “central question for liability here is whether the invasion of the class members’ privacy is “highly offensive.’” The certification judge found that the other two elements were met, namely, intentional or reckless conduct by Ms. Demme and the invasion by her, without lawful justification, into the Plaintiff’s private affairs or concerns.
[11] The certification judge noted that it is only where it is plain and obvious that the Plaintiff’s claim cannot succeed that that claim will be struck at the pleadings stage.
[12] The certification judge found that “[t]he Hospital is a uniquely private and confidential institution” and that it has a mandate to keep health records private and safe. He also found that the fact that Ms. Demme’s access to each patient’s data may have been “fleeting” does not mean that the nature and quality of that information is unimportant. Privacy is not an “all-or-nothing concept.” As put by the certification judge:
[72] The present case poses an example at one far end of the spectrum spanning the kinds of intrusions into privacy that the Court of Appeal discussed in Jones. While any intrusion – even a very small one – into a realm as protected as private health information may be considered highly offensive and therefore actionable, the facts do not exactly “cry out for a remedy”: ibid., para. 69. Rather, while one might be disturbed by the “intrusion into…highly personal information… damages for intrusion upon seclusion…should be modest”: Ibid., 69 and 87.
[75] What is at stake here are Ms. Demme’s repeated but fleeting wrongful acts. These intrusions into patient files exploited randomly selected nurse-patient relationships, but were not intended to produce, and seemingly did not produce, any discernable effect on the class.
[79] In any case, the Jones reasoning supports the proposition that an infringement of privacy can be “highly offensive” without being otherwise harmful in the sense of leading to substantial damages. The offensiveness is based on the nature of the privacy interest infringed, and not on the magnitude of the infringement.
[80] Accordingly, the intrusion upon seclusion claim as pleaded is a viable cause of action….
Standard of Review
[13] The Defendants submit that the standard of review that applies to the certification judge’s finding that the pleading discloses a cause of action under s. 5(1)(a) of the Class Proceedings Act, 1992, S.O. 1992, c. 6 is the same as that applicable to a similar determination under the Rules of Civil Procedure, R.R.O. 1990, Reg. 194 – correctness. The Plaintiff did not dispute the Defendants’ position on the standard of review, which is supported by the following authorities: Pioneer Corp. v. Godfrey, 2019 SCC 42, [2019] 3 S.C.R. 295, at paras. 57, 81; McDowell v. Fortress Real Capital Inc., 2019 ONCA 71, 91 B.L.R. (5th) 181, at para. 53; Kang v. Sun Life Assurance Company of Canada, 2013 ONCA 118, 303 O.A.C. 64, at para. 27.
[14] I accept that the applicable standard of review is correctness.
Analysis
[15] It is clear from the certification judge’s reasons that for him, this case was a close call. While the facts did not “cry out for a remedy” this could be dealt with by a small award of damages. His decision to certify the action was also influenced by the “nature of the privacy interest infringed” and that “any intrusion – even a very small one – into a realm as protected as private health information may be considered highly offensive….”
[16] In reasoning this way, it is my view (and I say this with great respect) that the certification judge erred in how he interpreted Jones. Not every intrusion into private health information amounts to a basis to sue for the tort of intrusion upon seclusion. The particular intrusion must be “highly offensive” when viewed objectively having regard to all the relevant circumstances. If the case does not “cry out for a remedy”, it is a signal that the high standard for certification of this limited tort may not be met.
[17] In Jones, the Court of Appeal began its analysis by reviewing the case law in various jurisdictions, including Ontario, the United States and England to examine two questions: does Ontario recognize a cause of action for invasion of privacy and, if it does not, should it? On the first question, Sharpe J.A. found that while “[a]spects of privacy have long been protected by causes of action such as breach of confidence, defamation, breach of copyright, nuisance and various property rights…the recognition of a distinct right of action for breach privacy remains uncertain”: Jones, at para. 15.
[18] The Court of Appeal then looked at the Ontario case law and concluded that Ontario courts remain open to the proposition that there should be a tort such as intrusion upon seclusion. While there had been no definitive statement from an appellate court in Canada to this effect, Ontario judges had refused to dismiss such claims at the pleadings stage.
[19] The Court concluded that it was time for it to “confirm the existence of a right of action for inclusion upon seclusion”: ibid, at para. 65. Its rationale for doing so was fourfold:
(1) The case law and legal scholars support the “existence of a such a cause of action”: ibid, at para. 66. Privacy is an important underlying value and Charter jurisprudence identifies the right to informational privacy as worthy of protection.
(2) Technological change has motivated the need to protect the individual’s right to privacy. Routinely kept electronic databases make our most personal information available and vulnerable: ibid, at para. 67.
(3) The common law has the capacity to evolve to respond to this problem: ibid, at para. 68.
(4) “Finally, and most importantly, we are presented in this case with facts that cry out for a remedy. While Tsige is apologetic and contrite, her actions were deliberate, prolonged and shocking. Any person in Jones’ position would be profoundly disturbed by the significant intrusion into her highly personal information. The discipline administered by Tsige’s employer was governed by the principles of employment law and the interests of the employer and did not respond directly to the wrong that had been done to Jones. In my view, the law of this province would be sadly deficient if we were required to send Jones away without a legal remedy”: ibid, at para. 69 (emphasis added).
[20] Directly after this statement, the Court sets out the elements of the cause of action for intrusion upon seclusion: (1) the defendant’s conduct must be intentional; (2) “the defendant must have invaded, without lawful justification, the plaintiff’s private affairs”; and (3) “a reasonable person would regard the invasion as highly offensive causing distress, humiliation or anguish”: ibid, at para. 71.
[21] As stated by the Court at para. 72, “[t]hese elements make it clear that recognizing this cause of action will not open the floodgates. A claim for intrusion upon seclusion will arise only for deliberate and significant invasions of privacy. Claims from individuals who are sensitive or unusually concerned about their privacy are excluded: it is only intrusions into matters such as one’s financial or health records…that, viewed objectively on the reasonable person standard, can be described as highly offensive.”
[22] Thus, it is clear that while the phrase “cry out for a remedy” is not an element of the cause of action, it does inform what the elements of the cause of action are designed to do – they are designed to offer a remedy in situations where the privacy intrusion is very serious, not any privacy intrusion. Hence the need for the intrusion to be significant and deliberate and the need for an objectively reasonable person to view the intrusion as highly offensive, “causing distress, humiliation or anguish.” The fact that this is a “no actual damages tort” means that it should only be available in particularly serious instances.
[23] There are several statements in the certification judge’s reasons that make it clear that it was his view that because the intrusion was one into hospital health records, it could be regarded as “highly offensive” even if it was fleeting, the information accessed was at the low end of sensitive and the motive behind the intrusion was not to obtain the information but to obtain drugs.
[24] In this case, as put by one counsel, the information was a “key” needed to unlock a drawer that contained drugs. In this context, it is also important to remember that the significance of the intrusion is to be assessed individually, not collectively. The fact that there were over 11,000 such intrusions does not mean that each intrusion was significant and highly offensive.
[25] At para. 70 of his reasons, the certification judge notes that “privacy is not an ‘all-or-nothing concept.’” Thus, according to him, “different privacy contexts when breached may lead to different legal consequences.” He then refers to Jones, (particularly para. 72, quoted above) and concludes his reasons by saying that “any intrusion – even a very small one – into a realm as protected as private health information may be considered highly offensive and therefore actionable.” In other words, any intrusion into private health records, no matter how small, may be considered highly offensive. This conclusion echoes the argument put forward by the Plaintiff.
[26] I disagree. This is not what Jones says. To repeat para. 72 of Jones:
These elements make it clear that recognizing this cause of action will not open the floodgates. A claim for intrusion upon seclusion will arise only for deliberate and significant invasions of personal privacy. Claims from individuals who are sensitive or unusually concerned about their privacy are excluded: it is only intrusions into matters such as one’s financial or health records, sexual practices and orientation, employment, diary or private correspondence that, viewed objectively on the reasonable person standard, can be described as highly offensive.
[27] This paragraph does not say that any intrusion into personal health information, however minimal and fleeting, can be described as “highly offensive.” What it says is that not all informational privacy is worthy of protection under this tort; it is only certain information, which may include health information, that is worthy of protection. However, to meet the threshold for the tort of intrusion upon seclusion, the intrusion must still be deliberate and significant to be considered “highly offensive.” To find otherwise would be to “open the floodgates” to claims such as the one at issue in this proceeding, where the intrusions were fleeting, the information accessed was not particularly sensitive within the realm of health information, the intruder was not “after” the information itself, which was otherwise available to her and/or a number of other hospital staff, and there was no discernible effect on the patients.
Conclusion
[28] For these reasons the appeal is allowed, the order of the certification judge is set aside and the Plaintiff’s motion to certify her action for intrusion upon seclusion is dismissed. Given this finding, there is no need to deal with the arguments respecting the Defendants’ summary judgment motion. The Defendant Hospital and the Plaintiff agreed that if the appeal was allowed, the Plaintiff should pay the Hospital $36,000.00 by way of costs. It is so ordered. The Defendant Ms. Demme and the Plaintiff were unable to reach an agreement regarding costs. The parties concerned may make brief submissions in writing on this issue. Ms. Demme shall file her submissions within 10 days of the release of these reasons and the Plaintiff shall have 10 days from the receipt of Ms. Demme’s submissions to respond.
Sachs J.
I agree _______________________________
Ramsay J.
I agree _______________________________
Nishikawa J.
Released: March 24, 2022
CITATION: Stewart v. Demme, 2022 ONSC 1790
DIVISIONAL COURT FILE NO.: 33/20 & 41/20
DATE: 2022/03/24
ONTARIO
SUPERIOR COURT OF JUSTICE
DIVISIONAL COURT
Sachs, J.A. Ramsay and Nishikawa JJ.
BETWEEN:
PENNY STEWART
Plaintiff (Respondent)
– and –
CATHARINA DEMME and WILLIAM OSLER HEALTH SYSTEM
Defendants (Appellants)
REASONS FOR JUDGMENT
Sachs J.
Released: March 24, 2022