The Ontario Court of Appeal upheld a decision that a hospital insurer owed a duty to defend a hospital employee sued for the privacy tort of inclusion upon seclusion, as such was an “invasion or violation of privacy” or an “invasion or violation of a right of privacy, within the meaning of the policy and the employee was “acting under the direction of” the Named Insured hospital and the claim was for “liability arising from the operations of the hospital notwithstanding that she had allegedly accessed hospital records without authority to do so.”
 
Oliveira v. Aviva Canada Inc., 2018 ONCA 321  [4272]
 
FACTS AND ISSUES
 
This is the decision on appeal from the ONSC decision briefed in the December 2017 edition of Defence + Indemnity.
 
Oliveira, a hospital employee, was sued for the privacy tort of intrusion upon seclusion for allegedly having accessed the plaintiff patient’s hospital records and having revealed details to third parties.  Oliveira had not been part of the plaintiff’s treatment team.  The hospital had an insurance policy issued by Aviva that covered “invasion or violation of privacy, invasion or violation of the right of privacy" as “bodily injury”.  The issue was as to whether or not Oliveira was an “Insured” covered by the policy and entitled to a defence.  The definition of “Insured” included “all employees of the Insured while acting under the direction of the Named Insured”, “but only in respect of liability arising from the operations of the Named Insured”.
 
The insurer denied coverage, arguing that Oliveira did not qualify as an Insured because when she accessed the plaintiff’s records in breach of the hospital’s policies she was not “acting under the direction of” the hospital and the suit’s claim was not “in respect of liability arising from the operations of” the hospital.  Oliveira applied for a declaration that Aviva was required to defend her.
 
The motions Court recognized the existence of the privacy tort of intrusion upon seclusion and found that the plaintiff’s claim did allege conduct of Oliviera while she was “acting under the direction of” the hospital and alleged liability “arising from the operations of the hospital”.  The insurer appealed.
 
HELD: For the insured; appeal dismissed. 

1.    The Court upheld the motions judge’s decision, noting that an interpretation of the policy as providing coverage was the only one that made sense:

[3]. . .  In our view this is precisely the sort of conduct the policy was intended to respond to. The applicant was employed by the hospital as a nurse and while on duty, in the course of the hospital’s operations, to use the language of the policy (which would include the maintenance of patient’s health records), she accessed the records that she had apparently no business doing because she was not involved in J.L.’s care. The applicant was employed by the hospital, (she was essentially an employee 24/7) but was only acting under the direction of the hospital when she was on duty as such.

[4]       In our view the common sense interpretation of the language can only have this meaning. To hold as the appellant argues that unauthorized access to medical records does not arise out of the hospital’s operations, or under the direction of the hospital because it would never direct such conduct, would negate the coverage intended. It is plain that the policy, in covering invasion of privacy, is intended to cover the type of conduct that is alleged in the Statement of Claim.