Accessing Records Of Family Members Nets Doctor Four-Month Suspension

Rosen Sunshine


Rosen Sunshine LLP are passionate advocates for professionals and health care providers, trusted advisors to regulators and health organizations, and experts in their field. We work on behalf of institutional and private clients, including regulators, service providers, professionals, professional associations, insurance companies, clinics, facilities, and organizations.
A recent decision of the Ontario Physicians and Surgeons Discipline Tribunal (the "Tribunal") emphasizes that a physician must not access a patient's personal health information...
Canada Privacy
To print this article, all you need is to be registered or login on

A recent decision of the Ontario Physicians and Surgeons Discipline Tribunal (the "Tribunal") emphasizes that a physician must not access a patient's personal health information if they are not in the patient's circle of care. Such unauthorized access is a breach of patient privacy that can constitute professional misconduct and can lead to a suspension.


In a recent case, a radiologist was found to have accessed 20 patient records without consent. The 20 patients were treated at the hospital where the doctor worked, but were not his patients. Rather, the patients were acquaintances such as extended family members and colleagues. As the doctor was not providing care to these patients, he was outside their circles of care and, therefore, was required to obtain express consent from the patients in order to access their records.

The doctor and the College of Physicians and Surgeons of Ontario (the "CPSO") jointly agreed before the Tribunal that his conduct constituted professional misconduct. The doctor admitted that he was aware of his duty to maintain the privacy of personal health information. He was reminded of this duty when he renewed his hospital privileges annually, and he was informed of this duty through hospital policies and the CPSO's "Protecting Personal Health Information" policy. The Tribunal found that the doctor's failure to protect patient privacy was conduct that members of the profession would regard as disgraceful, dishonourable, or unprofessional conduct.


Having found that the doctor's unauthorized access to records breached patient privacy and risked the public's trust in the medical profession, the Tribunal ordered a penalty which included a four-month suspension. This was in recognition of the doctor having no prior discipline history, having admitted to his misconduct, and demonstrating appropriate conduct since the conduct was identified. In addition, the doctor faced consequences from his hospital, including

  • having his hospital privileges suspended for three months, during which he did not provide radiology services at other hospitals, and
  • having his radiology services overseen upon his return to the hospital.

The penalty also reflected that the doctor had participated in remediation activities (e.g., attended ethics and professionalism training, issued apology letters to the 20 patients) and that the penalty was a joint submission, which must be accepted unless doing so would be contrary to the public interest.


A physician is not authorized to access a patient's personal health information if they are outside the patient's circle of care, unless they have the patient's consent, no matter how well the physician may know the patient. Breaches of patient privacy are extremely serious and will result in significant sanctions.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

See More Popular Content From

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More