PHIPA (Personal Health Information Protection Act). Hopkins v Kay
In Hopkins v Kay (Ont CA, 2015) the Court of Appeal considers whether the PHIPA (Personal Health Information Protection Act) scheme:
(1) The legislative scheme
 PHIPA was adopted in 2004 following a lengthy process of proposals, draft bills and consultations triggered by Justice Horace Krever’s Report of the Commission of Inquiry into the Confidentiality of Health Information in Ontario (Toronto: Queen’s Printer, 1980).
 The purposes of PHIPA, stated in s. 1, are:
(a) to establish rules for the collection, use and disclosure of personal health information about individuals that protect the confidentiality of that information and the privacy of individuals with respect to that information, while facilitating the effective provision of health care; PHIPA is a lengthy and detailed statute comprised of seven parts and seventy-five sections dealing with the collection, use, disclosure, retention and disposal of personal health information. Part II specifies the required practices to be followed by custodians of personal health information to ensure accuracy and to protect confidentiality. If personal health information is stolen, lost or improperly accessed, subject to certain “exceptions and additional requirements”, the custodian is required to notify the individual at the first reasonable opportunity (s. 12(2)).
(b) to provide individuals with a right of access to personal health information about themselves, subject to limited and specific exceptions set out in this Act;
(c) to provide individuals with a right to require the correction or amendment of personal health information about themselves, subject to limited and specific exceptions set out in this Act;
(d) to provide for independent review and resolution of complaints with respect to personal health information; and
(e) to provide effective remedies for contraventions of this Act.
 Detailed requirements for obtaining consent to the collection, use and disclosure of personal health information are set out in Part III. Collection, use and disclosure are the subject of Part IV. Rights of access and correction are addressed in Part V.
 The provisions in Part VI deal with administration and enforcement. It is the purpose and effect of those provisions that lie at the heart of this appeal.
 The Commissioner is responsible for the administration and enforcement of PHIPA. The Commissioner is appointed under s. 4(1) of the Freedom of Information and Protection of Privacy Act, R.S.O. 1990, c. F.31 (“FIPPA”), and is an officer of the legislature. In addition to PHIPA and FIPPA, the Commissioner is also responsible for the administration and enforcement of the Municipal Freedom of Information and Protection of Privacy Act, R.S.O. 1990, c. M.56.
 The Commissioner has a broad mandate of public protection that enables him or her to conduct reviews under PHIPA in relation to the collection, use, disclosure, retention and disposal of records, as well as access to and correction of records. An individual who has reasonable grounds to believe that another person has or is about to contravene a provision of PHIPA may complain to the Commissioner (s. 56). Upon receipt of a complaint, the Commissioner may “inquire as to what means, other than the complaint, that the complainant is using or has used to resolve the subject-matter of the complaint” (s. 57(1)(a)), require the complainant “to try to effect a settlement” (s. 57(1)(b)), or authorize a mediator to review the matter and attempt to effect a settlement (s. 57(1)(c)).
 If the Commissioner takes none of these steps or if these steps fail to achieve a resolution of the complaint, the Commissioner has two options. First, “the Commissioner may review the subject-matter of a complaint made under this Act if satisfied that there are reasonable grounds to do so” (s. 57 (3)). The second option is specified in s. 57(4):
The Commissioner may decide not to review the subject-matter of the complaint for whatever reason the Commissioner considers proper, including if satisfied that, The Commissioner also has the power to conduct a self-initiated review of any matter where there are reasonable grounds to believe that there has been or is about to be a contravention of the Act (s. 58).
(a) the person about which the complaint is made has responded adequately to the complaint;
(b) the complaint has been or could be more appropriately dealt with, initially or completely, by means of a procedure, other than a complaint under this Act;
(c) the length of time that has elapsed between the date when the subject-matter of the complaint arose and the date the complaint was made is such that a review under this section would likely result in undue prejudice to any person;
(d) the complainant does not have a sufficient personal interest in the subject-matter of the complaint; or
(e) the complaint is frivolous or vexatious or is made in bad faith.
 The Commissioner is given extensive procedural and investigative powers in relation to complaints (ss. 59-60) and the power to make a variety of orders following a s. 57 or 58 review (s. 61). The Act gives the complainant the right to make representations to the Commissioner (s. 60(18)) but does not contemplate a formal adversarial hearing for the resolution of complaints. An appeal from the Commissioner’s order on a question of law lies to the Divisional Court (s. 62).
 Orders of the Commissioner may be filed with the Superior Court whereupon they become enforceable as a judgment of the court (s. 63).
 The possibility of recovering damages as a result of a breach of PHIPA is the subject of s. 65:
65.(1) If the Commissioner has made an order under this Act that has become final as the result of there being no further right of appeal, a person affected by the order may commence a proceeding in the Superior Court of Justice for damages for actual harm that the person has suffered as a result of a contravention of this Act or its regulations. The Commissioner is also given broad general powers to conduct research and provide information to the public in relation to the matters covered by PHIPA (s. 66).
(2) If a person has been convicted of an offence under this Act and the conviction has become final as a result of there being no further right of appeal, a person affected by the conduct that gave rise to the offence may commence a proceeding in the Superior Court of Justice for damages for actual harm that the person has suffered as a result of the conduct.
(3) If, in a proceeding described in subsection (1) or (2), the Superior Court of Justice determines that the harm suffered by the plaintiff was caused by a contravention or offence, as the case may be, that the defendants engaged in wilfully or recklessly, the court may include in its award of damages an award, not exceeding $10,000, for mental anguish.
 Part VII, headed “General”, contains two provisions relevant to the issue raised on this appeal. Section 71 confers immunity upon entities or individuals exercising (or intending to exercise) powers and duties under PHIPA for good faith acts or omissions that were reasonable in the circumstances:
71.(1) No action or other proceeding for damages may be instituted against a health information custodian or any other person for, Finally, s. 72 makes it a summary conviction offence to, inter alia, wilfully collect, use or disclose personal health information in contravention of the Act (s. 72(1)(a)), punishable by fine of up to $50,000 for individuals and $250,000 for institutions (s. 72(2)). Pursuant to s. 72(5), only the Attorney General or agent for the Attorney General may commence such a prosecution.
(a) anything done, reported or said, both in good faith and reasonably in the circumstances, in the exercise or intended exercise of any of their powers or duties under this Act; or
(b) any alleged neglect or default that was reasonable in the circumstances in the exercise in good faith of any of their powers or duties under this Act.
(2) Despite subsections 5(2) and (4) of the Proceedings Against the Crown Act, subsection (1) does not relieve the Crown of liability in respect of a tort committed by a person mentioned in subsection (1) to which it would otherwise be subject.
(2) Does PHIPA create an exhaustive code governing patient records that precludes common law claims for breach of privacy and ousts the jurisdiction of the Superior Court?
 The Hospital and Ms. Edgerton-Reid, supported by the OHA, submit that PHIPA amounts to a comprehensive code that reflects a careful legislative attempt to balance various conflicting interests. They contend that PHIPA’s careful balance would be disturbed if claims based on Jones v. Tsige were entertained by the courts in relation to personal health information. Permitting these common law claims would, according to the appellants, contradict the statutory scheme, defeat the intention of the legislature and undermine the policy choices embodied in PHIPA.
 My analysis is two-fold. First, I consider whether a legislative intention to create an exhaustive code can be inferred from the language of PHIPA. Second, I address the jurisprudence raised by the appellants in support of their contention that PHIPA ousts the jurisdiction of the Superior Court.
(i) Did the legislature intend to create an exhaustive code?
 Ruth Sullivan, in Sullivan on the Construction of Statutes, 6th ed. (Markham, Ont.: LexisNexis Canada, 2014), at para. 17.20, explains the characteristics of an exhaustive code as follows: “The key feature of a code is that it is meant to offer an exclusive account of the law in an area; it occupies the field in that area, displacing existing common law rules and cutting off further common law evolution.” She notes, at para. 17.34, that “if legislation constitutes a complete code, resort to the common law is impermissible.” See also Beiko v. Hotel Dieu Hospital St. Catherines, 2007 ONCA 860, at para. 4; Cuthbertson v. Rasoulli, 2013 SCC 53,  3 S.C.R. 341, at paras. 2-4. If PHIPA does constitute an exhaustive code, the court has no jurisdiction to entertain the claim advanced by the respondent and it must be struck.
 An intention to create an exhaustive code may be expressly stated in the legislation or it may be implied. As there is nothing explicit in PHIPA dealing with exclusivity, the question is whether an intent to exclude courts’ jurisdiction should be implied. In Pleau v. Canada (A.G.), 1999 NSCA 159, 182 D.L.R. (4th) 373, leave to appeal refused,  S.C.C.A. No. 83, Cromwell J.A. explained, at para. 48: “Absent words clear enough to oust court jurisdiction as a matter of law, the question is whether the court should infer… that the alternate process was intended to be the exclusive means of resolving the dispute.”
 Cromwell J.A. identified three factors that a court should consider when discerning whether there is a legislative intent to confer exclusive jurisdiction. First, a court is to consider “the process for dispute resolution established by the legislation” and ask whether the language is “consistent with exclusive jurisdiction”. Courts should look at “the presence or absence of privative clauses and the relationship between the dispute resolution process and the overall legislative scheme”: Pleau, at para. 50 (emphasis in original).
 Second, a court should consider “the nature of the dispute and its relation to the rights and obligations created by the overall scheme of the legislation”. The court is to assess “the essential character” of the dispute and “the extent to which it is, in substance, regulated by the legislative… scheme and the extent to which the court’s assumption of jurisdiction would be consistent or inconsistent with that scheme”: Pleau, at para. 51 (emphasis in original).
 The third consideration is “the capacity of the scheme to afford effective redress” by addressing the concern that “where there is a right, there ought to be a remedy”: Pleau, at para. 52 (emphasis in original).
 These three factors provide a useful framework for considering the question posed on this appeal.
(a) The language of PHIPA and the process it establishes
 There can be no doubt that PHIPA lays down an elaborate and detailed set of rules and standards to be followed by custodians of personal health information. I accept former Commissioner Ann Cavoukian’s description of PHIPA as a “comprehensive set of rules about the manner in which personal health information may be collected, used, or disclosed across Ontario’s health care system”: Commissioner’s PHIPA Highlights (Toronto: Information and Privacy Commissioner/Ontario, March 2005).
 PHIPA also includes among its purposes the “independent review and resolution of complaints with respect to personal health information” and the provision of “effective remedies for contraventions” of the Act. The Act gives the Commissioner certain powers in this regard.
 While PHIPA does contain a very exhaustive set of rules and standards for custodians of personal health information, details regarding the procedure or mechanism for the resolution of disputes are sparse. At para. 28 of the Commissioner’s factum, the review process is described as “inquisitorial in nature”. The Act essentially leaves the procedure to be followed to the discretion of the Commissioner. Reviews are generally conducted in writing. There is no requirement to hold an oral hearing, and therefore the fundamental features of an adversarial system, such as cross-examination, are absent. The Act gives complainants no procedural entitlements beyond the right to make representations. Pursuant to s. 59(1) of the Act, the usual procedural rights pertaining to administrative hearings granted by the Statutory Powers Procedure Act, R.S.O. 1990, c. S.22, do not apply.
 The nature of the process established by PHIPA indicates that it was designed to facilitate the Commissioner’s investigation into systemic issues. While that process can be triggered by an individual complaint, the procedure is not designed for the resolution of all individual complaints. This coincides with the Commissioner’s policy, discussed in greater detail below, to give priority to complaints raising systemic issues.
 I now turn to the specific language of the Act. Section 57(4)(b) provides that one of the factors to be considered by the Commissioner when deciding whether or not to investigate a complaint is whether “the complaint has been or could be more appropriately dealt with, initially or completely, by means of a procedure, other than a complaint under this Act.” On its face, s. 57(4)(b) specifically contemplates the possibility that complaints about the misuse or disclosure of personal health information may properly be the subject of a procedure that does not fall within the reach of PHIPA. In my view, the language of s. 57(4)(b) is difficult to reconcile with the proposition that the complaint procedure under PHIPA is exhaustive and exclusive.
 The appellants argue that s. 57(4)(b) contemplates proceedings such as complaints to a professional college where a doctor or nurse has misused patient information. No doubt, professional complaints of that nature are covered by s. 57(4)(b). However, the very fact that PHIPA contemplates the resolution of disputes regarding personal health information by other tribunals undermines the argument in favour of exclusivity. Moreover, the appellants offer no explanation as to why we should limit the language of s. 57(4)(b) to one kind of tribunal and exclude the Superior Court, especially in relation to a claim that is not based on any rights conferred by PHIPA.
 I also read s. 71, the immunity provision, as explicit recognition that there could be proceedings relating to improper use or disclosure of personal health information other than those specifically contemplated by PHIPA. That provision provides immunity in an “action or other proceeding for damages” where there has been an attempt at good faith compliance with the provisions of the Act. In my view, this language indicates that the legislature did contemplate the possibility of a common law action for damages in the courts.
 Further, to the extent PHIPA does provide for individual remedies, it turns to the courts for enforcement. The Commissioner has no power to award damages. It is only by commencing a proceeding in the Superior Court following an order of the Commissioner that an individual complainant can seek damages, pursuant to s. 65.
 The appellants and the OHA argue that s. 65 demonstrates that the legislature turned its attention to the role of the courts and specifically limited their jurisdiction to assessing damages, hearing appeals on points of law and entertaining applications for judicial review.
 I disagree. In my view, the only conclusion that can be drawn from the role recognized for the courts under s. 65 is that the Commission was not intended to play a comprehensive or expansive role in dealing with individual complaints. I conclude that PHIPA provides an informal and highly discretionary review process that is not tailored to deal with individual claims, and it expressly contemplates the possibility of other proceedings.