Defence + Indemnity: December 2017 - I. Insurance Issues C.

by Field Law

Field Law


E. A hospital insurer was held to owe a duty to defend a hospital employee sued for the privacy tort of inclusion upon seclusion, as such was an “invasion or violation of privacy” or an “invasion or violation of a right of privacy, within the meaning of the policy and the employee qualified as an Additional Insured was “acting under the direction of” the Named Insured hospital and the claim was for “liability arising from the operations of the Named Insured”.

Oliveira v. Aviva Canada Inc., 2017 ONSC 6161, per Koehnen, J. [4254]

Oliveira, a hospital employee, sought a declaration that the hospital's insurers, Aviva Canada and Scottish & York owed her a duty to defend an action brought against her and the hospital by a former patient (“J.L.”) based on the tort of intrusion upon seclusion.
As this was an application to define the insurer's duty to defend, all parties agreed that the only evidence relevant was the Statement of Claim and the insurance policy.
J.L. was admitted to hospital and treated for postpartum psychosis. After she returned home, the son of a neighbour began asking “pointed questions" about her health. J.L. became suspicious when she discovered that the neighbour was a relative of the hospital employee Oliveira and she advised the hospital of her concerns. After investigating, the hospital conceded to J.L. that Oliveira had repeatedly accessed J.L.’s hospital records. At the time, Oliveira was not involved in J.L.’s care. J.L. alleged that this amounted to a breach of privacy (the tort of intrusion upon seclusion), a breach of the hospital's privacy policy, and a breach of the practice standards of the Ontario College of Nurses.
The Court was asked to infer that the questions from the neighbour’s son arose from Oliveira’s conduct, as opposed to being the product of a nosy neighbour who simply asked how J.L. was doing after noticing that she had been absent.
Oliveira sought a declaration that the hospital’s insurers Aviva Canada and Scottish & York owed her a duty of care with respect to J.L.’s action.
The Aviva policy provided coverage for damages because of “bodily injury or personal injury”. The term “bodily injury” was defined to include mental anguish, something that J.L. was expressly claiming damages for. The term “personal injury" was defined to include “invasion or violation of privacy, invasion or violation of the right of privacy".
The policy defined coverage for employees of the hospital as additional insureds:
10   The policy defines the insured as follows:
(ix) all employees of the Insured while acting under the direction of the Named Insured;"
"The unqualified word Insured includes the Named Insured and also includes the following additional Insured’s but only in respect of liability arising from the operations of the Named Insured:
Aviva argued that it did not owe Oliveira a duty to defend because she was not “acting under the direction of" the hospital when she engaged in the conduct alleged against her because the allegations did not “arise from the operations of” the hospital.
II. HELD: For the insured; application granted; insurer declared to owe a duty to defend. 
  1. The Court summarized the principles with respect to interpreting an insurance policy in an application for duty to defend:​
​12   The legal principles applicable to the interpretation of the insurance policy are not in dispute. The Supreme Court of Canada has summarized them as follows:
  1. Whether an insurer has a duty to defend is determined in light of the allegations made in the pleadings filed against the insured: Monenco Ltd. v. Commonwealth Insurance Co., 2001 SCC 49 (S.C.C.) at para. 28. The widest latitude should be given to the allegations in the pleadings in determining whether they raise a claim that falls within the policy: Monenco, at para 31.
  2. The duty to defend is broader than the duty to indemnify. The mere possibility that a claim falls within the policy will suffice to trigger a duty to defend: Monenco, at para. 29.
  3. Coverage provisions should be construed broadly; exclusion causes should be interpreted narrowly: Monenco, at para 31.
  4. Courts should avoid interpretations of policies that substantially nullify coverage: Consolidated-Bathurst Export Ltd. c. Mutual Boiler & Machinery Insurance Co., [1979] S.C.J. No. 133 (S.C.C.) at para. 27.
  1. The Court held that the explicit language of the policy was contrary to Aviva's argument. 
  2. The Court recognized the tort of intrusion upon seclusion, concluding that it fell squarely within policy coverage for “invasion of violation of privacy” or “invasion of violation of the right of privacy”.
    1. ​​The Court held as follows with respect to the tort of intrusion upon seclusion:​
16   As already noted, the policy specifically provides coverage for “invasion or violation of privacy” and for “invasion or violation of the right of privacy”. Legal liability for invasion of privacy was examined by the Ontario Court of Appeal in Jones v. Tsige, 2012 ONCA 32 (Ont. C.A.). In doing so, the Court of Appeal quoted from a seminal article of William Prosser, “Privacy” (1960), 48 Cal. L.R. 383 in which Professor Prosser noted that the concept of legal liability for breach of privacy consisted of four separate torts: intrusion upon seclusion; public disclosure of embarrassing private facts about the plaintiff; publicity which places the plaintiff in a false light in the public eye; and appropriation of the plaintiff’s name or likeness (Jones, at para. 18). 

17   The most relevant for our purposes is the tort of intrusion upon seclusion. At paragraph 70 of Jones, the Court of Appeal adopted into Ontario law, the definition of intrusion upon seclusion from the Restatement (Second) of Torts (2010) as follows:
"One who intentionally intrudes, physically or otherwise, upon the seclusion of another or his private affairs or concerns, is subject to liability to the other for invasion of his privacy, if the invasion would be highly offensive to a reasonable person.” (emphasis added by the Court)
18   It is important to note in this regard that the tort of intrusion upon seclusion is founded on the act of obtaining information. It does not require that the information a defendant has obtained be disseminated in any way.

19   J.L. specifically claims damages for intrusion upon seclusion from Ms. Oliveira. That tort is part of the law of invasion of privacy which the policy specifically insures. As a result, the privacy coverage under the policy insures, to adopt the language the Second Restatement, “intentional conduct that is highly offensive to a reasonable person.”
  1. T​he Court noted that the tort of intrusion upon seclusion did not contain an element requiring the plaintiff to prove that the defendant had disseminated the improperly accessed information in any way (para. 18).
  2. The Court held that Aviva’s argument would nullify hospital employees outside of the patient’s circle of care from coverage for intrusion upon seclusion. The Court held that if this argument were to be accepted, there would rarely be coverage for privacy breach on the part of a hospital employee because employees within the patient’s circle of care have lawful access to the medical records:
20   Aviva’s argument limits employees acting under the direction of the Hospital to those within the patient’s circle of care. This, in effect, nullifies coverage for intrusion upon seclusion. It would rarely, if ever, be “highly offensive” for a medical worker within a patient’s circle of care to access medical records. It is more likely to be highly offensive for a Hospital employee outside of the circle of care to access a patient’s medical records. By offering coverage for breach of privacy, Aviva was offering coverage for intrusion upon seclusion and was, by definition, offering coverage for highly offensive conduct. That must by definition cover access to records by Hospital employees outside of the circle of care.
21   Moreover, the policy does not in any way limit coverage for privacy breaches or other torts, to Hospital employees within a patient’s circle of care. The only qualification is that the employee be acting under the direction of the Hospital.
22   Consistent with the principle that coverage provisions should be construed broadly and exclusions should be construed narrowly, courts have interpreted concept of acting under the direction of a named insured in a broad manner. In Kennedy v. C.N.A. Assurance Co. (1978), 20 O.R. (2d) 674 (Ont. H.C.); aff’d without reasons 1979 CanLII 2805 [(1979), 116 D.L.R. (3d) 384 (note) (Ont. C.A.)], this court held that the concept of acting under the direction of a named insured did not relate so much to the power to direct how work should be done but to the power to control the employee in relation to the incidental features of his or her employment in other words the ability to instruct an employee about when and where to work: Kennedy at para. 11. Whether an employee was acting under the direction of the named insured does not turn on whether there was actual personal control at the moment of the incident. Rather the control must flow from the relationship generally and from the employer’s ability to terminate the employee’s employment: Kennedy at paragraph 18.
  1. The Court held that the claim alleged “liability arising from the operations” of the insured, within the meaning of the coverage provisions for hospital employees.
    1. The Court held that the terms “arising out of” and “arising from” carry the same meaning: Kinnear v Canadian Recreational Excellence (Vernon) Corp. 2012 BCCA 291, at 42.
    2. The Court rejected Aviva’s arguments that because the employee Oliveira  was not within the Plaintiff patient’s circle of care, her conduct did not “arise from” the hospital’s operations.
    3. The Court held that the causation issue required analysis in terms of contractual interpretation of the policy, as to whether it was intended to cover. It was held that in this case it was intended to cover the conduct alleged, rejecting the insurer’s argument which the Court held was an attempt to use the “very act they agree to insure against, as an excuse to deny a duty to defend”:
41   The cases examining causation do not do so in the abstract. They do so to determine whether allegations in a statement of claim trigger a duty to defend under an insurance policy. In other words, the real question they ask is whether particular allegations fall within the ambit of the contract of insurance. This, in turn, is a question of contractual interpretation: Collier v. Insurance Corp. of British Columbia, [1995] B.C.J. No. 18 (B.C. C.A.) at para. 59; Cowichan Valley School District No. 79 v. Underwriters & Members of Lloyd’s, London, 2003 BCSC 1303 (B.C. S.C. [In Chambers]) at para. 10. Put another way: are the allegations in the claim the sort of risks that the insurer agreed to insure (and defend) against.

42   Aviva’s position might have more force if J.L.’s claim were not so clearly associated with the very activity that Aviva agreed to insure against.

43   As already noted, the policy provides coverage for invasion of privacy which includes intrusion upon seclusion. This, by definition involves accessing information in an offensive manner. For an employee within the circle of care to access health information is not an invasion of privacy and not offensive. The invasion of privacy occurs because the individual accessing the information is not authorized to do so. That is what Aviva agreed to insure against and that is what Aviva should be held to.

44   In a hospital setting, intrusion upon seclusion captures inappropriate access to medical records. Aviva seeks to use the very act they agreed to insure against, as an excuse to deny a duty to defend. To accept Aviva’s argument would nullify a significant portion of the privacy coverage the policy purports to afford (at least insofar as the privacy coverage relates to intrusion upon seclusion). Courts should not interpret policies in a way that results in nullification of a significant portion of coverage: Consolidated Bathurst at para. 27.

45   The cases to which the parties have referred me are consistent with the principle that causation analysis for purposes of determining whether the insurer owes a duty to defend is an exercise of contractual interpretation aimed at determining whether the contract of insurance was intended to cover the conduct alleged. Some cases expressly articulate the issue in this way: Collier at para. 59; Cowichan Valley at para. 10. In others it is implicit in the analysis.
  1. The Court held that a hospital’s operations include activities beyond the mere provisions of medical care, including the collection and maintenance of medical records. The Ontario Hospital Information Statute (the Personal Health Information Protection Act, 2004, S.O. 2004, c. 3 Sch A) mandated this, as does the case law:
51   Aviva argues that the “operations” of a hospital constitute delivery of medical care which would exclude Ms. Oliveira because she was not delivering medical care to J.L.

52   In my view, neither the language of the policy nor case law supports such a narrow interpretation of the concept of operations.

53   With respect to the language of the policy, it should be noted that the privacy coverage under the policy is not limited to the provision of medical care. It refers only to operations which is a concept broader than medical care. In my view the operations of a hospital are not strictly limited to the provision of medical care. There are numerous ancillary activities that a hospital is required to carry out in order to provide medical care that are part of its operations. These would include the collection, creation and maintenance of medical records.

54   Here too we should remind ourselves that the “operations” language is contained in a portion of the policy that affords insurance coverage which should be read broadly.

55   The Personal Health Information Protection Act, 2004, S.O. 2004, c 3, Sch. A implicitly includes the collection and maintenance of medical records as part of the statutorily mandated operation of public hospitals in Ontario. Section 3(1) of that statute defines as a “health information custodian”, a person:

"who has custody or control of personal health information as a result of or in connection with performing the person’s or organization’s powers or duties ... "

Paragraph 3(1).4 expressly includes public hospitals within the definition of health information custodian. Implicit in this is a recognition that hospitals have custody of health records as part of their duties. The collection and maintenance of health care data therefore part of the falls within the operation of a hospital.

56   Case law also supports a broad definition of operations. In Kinnear, the British Columbia Court of Appeal noted:
"In my view “operations” is a word of sufficiently broad meaning as to include the creation of a situation, or circumstance, that is connected in some way to the alleged liability. It does not necessarily imply an active role by the named insured in creation of the liability event. Operations can include the occupation and use of premises or other “passive” conduct that might not be included within the meaning of the word “activities” ..."
  1. The Court concluded as follows:
57   Given the policy’s coverage for intrusion upon seclusion, which by definition includes unauthorized access to private information, the use of the broader term operations rather than medical care in the policy and judicial treatment of the terms operations, I conclude that the allegations against Ms. Oliveira do arise out of the operations of the Hospital and that Aviva is not relieved of its duty to defend based on the “arising from the operations” language of the policy.


DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Field Law | Attorney Advertising

Written by:

Field Law

Field Law on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up using*

Already signed up? Log in here

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
Privacy Policy (Updated: October 8, 2015):

JD Supra provides users with access to its legal industry publishing services (the "Service") through its website (the "Website") as well as through other sources. Our policies with regard to data collection and use of personal information of users of the Service, regardless of the manner in which users access the Service, and visitors to the Website are set forth in this statement ("Policy"). By using the Service, you signify your acceptance of this Policy.

Information Collection and Use by JD Supra

JD Supra collects users' names, companies, titles, e-mail address and industry. JD Supra also tracks the pages that users visit, logs IP addresses and aggregates non-personally identifiable user data and browser type. This data is gathered using cookies and other technologies.

The information and data collected is used to authenticate users and to send notifications relating to the Service, including email alerts to which users have subscribed; to manage the Service and Website, to improve the Service and to customize the user's experience. This information is also provided to the authors of the content to give them insight into their readership and help them to improve their content, so that it is most useful for our users.

JD Supra does not sell, rent or otherwise provide your details to third parties, other than to the authors of the content on JD Supra.

If you prefer not to enable cookies, you may change your browser settings to disable cookies; however, please note that rejecting cookies while visiting the Website may result in certain parts of the Website not operating correctly or as efficiently as if cookies were allowed.

Email Choice/Opt-out

Users who opt in to receive emails may choose to no longer receive e-mail updates and newsletters by selecting the "opt-out of future email" option in the email they receive from JD Supra or in their JD Supra account management screen.


JD Supra takes reasonable precautions to insure that user information is kept private. We restrict access to user information to those individuals who reasonably need access to perform their job functions, such as our third party email service, customer service personnel and technical staff. However, please note that no method of transmitting or storing data is completely secure and we cannot guarantee the security of user information. Unauthorized entry or use, hardware or software failure, and other factors may compromise the security of user information at any time.

If you have reason to believe that your interaction with us is no longer secure, you must immediately notify us of the problem by contacting us at In the unlikely event that we believe that the security of your user information in our possession or control may have been compromised, we may seek to notify you of that development and, if so, will endeavor to do so as promptly as practicable under the circumstances.

Sharing and Disclosure of Information JD Supra Collects

Except as otherwise described in this privacy statement, JD Supra will not disclose personal information to any third party unless we believe that disclosure is necessary to: (1) comply with applicable laws; (2) respond to governmental inquiries or requests; (3) comply with valid legal process; (4) protect the rights, privacy, safety or property of JD Supra, users of the Service, Website visitors or the public; (5) permit us to pursue available remedies or limit the damages that we may sustain; and (6) enforce our Terms & Conditions of Use.

In the event there is a change in the corporate structure of JD Supra such as, but not limited to, merger, consolidation, sale, liquidation or transfer of substantial assets, JD Supra may, in its sole discretion, transfer, sell or assign information collected on and through the Service to one or more affiliated or unaffiliated third parties.

Links to Other Websites

This Website and the Service may contain links to other websites. The operator of such other websites may collect information about you, including through cookies or other technologies. If you are using the Service through the Website and link to another site, you will leave the Website and this Policy will not apply to your use of and activity on those other sites. We encourage you to read the legal notices posted on those sites, including their privacy policies. We shall have no responsibility or liability for your visitation to, and the data collection and use practices of, such other sites. This Policy applies solely to the information collected in connection with your use of this Website and does not apply to any practices conducted offline or in connection with any other websites.

Changes in Our Privacy Policy

We reserve the right to change this Policy at any time. Please refer to the date at the top of this page to determine when this Policy was last revised. Any changes to our privacy policy will become effective upon posting of the revised policy on the Website. By continuing to use the Service or Website following such changes, you will be deemed to have agreed to such changes. If you do not agree with the terms of this Policy, as it may be amended from time to time, in whole or part, please do not continue using the Service or the Website.

Contacting JD Supra

If you have any questions about this privacy statement, the practices of this site, your dealings with this Web site, or if you would like to change any of the information you have provided to us, please contact us at:

- hide
*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.