In a decision rendered on December 30, 2014 1, arbitrator Nathalie Faucher concluded that the dismissal imposed by a hospital centre on an employee for breach of confidentiality was well-founded.
The employee, an administrative agent at the emergency room of the hospital centre, was dismissed for breaching her obligation of confidentiality. The employer stated that she had disclosed to a work colleague the fact that a patient had HIV. This colleague was a family member of the patient and had been unaware of his condition.
The employer’s evidence established that the complainant had obtained the medical information through the hospital centre’s computer database, despite that she did not need to use the database in discharging her duties. It was also demonstrated that the complainant had been made aware of her confidentiality obligations and had undertaken to comply with these obligations by signing the code of ethics of the employer as well as an undertaking to preserve the confidentiality of patient’s identifying and medical information.
In the reasons for her decision, the arbitrator took into account the wording of section 19 of the Act Respecting Health Services and Social Services, CQLR c S-4.2, which reads as follows:
“19. The record of a user is confidential and no person may have access to it except with the consent of the user or the person qualified to give consent on his behalf. (…)”
The arbitrator also took into account the fact that sections 5 and 9 of the Charter of Human Rights and Freedoms establish the right to confidentiality of information protected by professional secrecy and, therefore, the right of patients to expect that this information will be protected and cannot be disclosed to third parties.
Moreover, the arbitrator considered that the nature of the information disclosed had an “extremely high degree of sensitivity”. Relying on a prior decision 2, the Tribunal took the view that the fact that the breach of confidentiality had occurred internally did not make it less serious.
For the arbitrator, the fault was twofold since not only did the employee breach the confidentiality of information, but she also obtained the information through the use of software which was not relevant to the discharge of her duties, particularly since the employee had already been notified that using this software constituted a fault and that she was liable to be sanctioned if she did so again.
Finally, on the basis of the evidence heard, the arbitrator found that the “security” arguments advanced by the complainant to try to exonerate herself were not credible. The complainant had claimed that disclosure of the information was necessary to protect her colleague, out of concern that she may get infected while transporting the user.
In conclusion, the arbitrator found that the conduct was sufficiently serious in nature to justify dismissal. Despite the complainant expressing remorse at the hearing, the arbitrator was not convinced that she understood the seriousness of her fault and that she would not repeat it. Therefore, the arbitrator saw no reason to intervene in the sanction imposed by the employer.