There is a growing body of arbitral jurisprudence upholding summary dismissal of employees who breached workplace codes of conduct, confidentiality and privacy policies by deliberately snooping into co-worker or client records without any legitimate purpose and for reasons of their own. A number of these cases have concerned privacy breaches by hospital employees. Ontario Nurses’ Association v. Norfolk General Hospital, 2015 CanLII 62332, is a fairly recent example.
The case involved a registered nurse who had been employed for 12 years at the Norfolk General Hospital in Simcoe, Ontario. Her job required her to enter patient care notes and use the Hospital’s computer system to look up information about patients. Unfortunately, she did not confine her activities to her job duties, and deliberately accessed more than 500 patient records over a 12-month period without any professional need to do so. The Hospital found out about this after a patient contacted its privacy officer alleging that the nurse had disclosed information about her hospital visit to people in the community. The Hospital conducted a month-long audit, uncovered the extent of the nurse’s snooping and dismissed her for cause.
The Hospital also provided a report to the Office of the Ontario Information and Privacy Commissioner, sent out 1,300 letters to current and former patients affected by the privacy breaches and issued a public statement. All of this made the local news.
The Ontario Nurses’ Association grieved and Arbitrator Lyle Kanee held that the discharge was warranted. He ruled that the nurse’s actions violated her professional obligations, several hospital policies, the Personal Health Information Protection Act, and even union directives. He also noted that, on top of that, she had failed to admit the breaches or accept responsibility for violating patient privacy.
Two months after the arbitrator’s decision, the local newspaper reported that the College of Nurses had suspended the nosy nurse.