Skip to main content
All of CanadaUpdated April 2026

A hospital employee looked at my records without reason.

What to do if you learn that a health care staff member accessed your record without a legitimate purpose.

TL;DR

Snooping is a serious violation. Contact the hospital's privacy officer to demand an investigation. The custodian must notify you, review audit logs, and in many provinces report to the commissioner. Penalties under PHIPA can include significant fines against the individual employee.

Step 1: write to the privacy officer

Request a formal investigation. Ask for an audit of all access to your record, with dates, employee names (redacted as required), and reasons for access. The custodian must respond within a reasonable time.

Step 2: ask about notification

Most health privacy statutes require the custodian to notify affected patients of snooping incidents. In Ontario, PHIPA also requires reporting to the IPC.

Step 3: file a complaint

If the response is inadequate, file a complaint with your provincial privacy commissioner (IPC Ontario, OIPC BC, OIPC Alberta, CAI Quebec, etc.).

Related topics

Ask AI