ORDER PO-4212

Appeal PA19-00165

William Osler Health System - Brampton Civic Hospital

November 24, 2021

Summary: This appeal relates to a request made under the Freedom of Information and Protection of Privacy Act (FIPPA) to the William Osler Health System (Osler) for the names of five security guards who moved the requester, an in-patient at a hospital within the Osler health system, to an isolation room, on a particular date. Osler identified an incident report as a record that contained the requested information and granted partial access to it, withholding the names of the security guards pursuant to the exemptions at section 21(1) (personal privacy) of FIPPA and section 52(1)(e)(i) (risk of serious harm) of PHIPA. This order finds that PHIPA applies to the requested information but that section 52(1)(e)(i) does not apply to exempt the information from disclosure. Osler is ordered to provide the appellant with access to the names of the security guards in the incident report.

Statutes Considered: Personal Health Information Protection Act, 2004, S.O. 2004, c. 3, Schd. A, sections 3(1), 4, 8(1), 8(4), 52(1)(e)(i).

Orders and Investigation Reports Considered: PHIPA Decisions 17, 34, 90, 117, 120, 123, 142 and 164 and Order PO-1940.

OVERVIEW:

[1] Following an incident that occurred at the Brampton Civic Hospital (the hospital) in the early morning hours on a day in December 2017, five security guards moved an in-patient at the hospital, a hospital within the William Osler Health System (Osler), to an isolation room. Subsequently, the patient submitted a request under the Freedom of Information and Protection of Privacy Act (FIPPA) to Osler for the names of the five security guards who moved her to the isolation room.

[2] Osler identified an incident report that contained the responsive information and granted the requester partial access to it, withholding the names of the security guards on the basis that the mandatory personal privacy exemption at section 21(1) of FIPPA applies to that information. It cited the factor at section 21(2)(e) (pecuniary or other harm) in support of its decision.

[3] The requester, now the appellant, [1] filed an appeal of Osler’s decision to the Office of the Information and Privacy Commissioner of Ontario (the IPC). A mediator was assigned to attempt to facilitate a mediated resolution between the parties.

[4] During mediation, Osler issued a supplemental decision denying access to the security guards’ names on the basis of section 52(1)(e)(i) (risk of serious bodily harm) of the Personal Health Information Protection Act (PHIPA). In its decision, Osler advised that it was claiming section 52(1)(e)(i) of PHIPA, in addition to its original claim that section 21(1) of FIPPA, applies to the information.

[5] The appellant advised that she is also requesting a review of Osler’s supplemental decision to deny access to the information under section 52(1)(e)(i) of PHIPA.

[6] As the parties did not reach a mediated resolution, the matter moved to the adjudication stage where an adjudicator may conduct an inquiry under FIPPA and/or a review under PHIPA.

[7] As the adjudicator, I decided to conduct an inquiry. I began my consideration of the parties’ positions by seeking representations from Osler on the issues, which I set out in a Notice of Inquiry and Review. Osler provided representations which were shared with the appellant pursuant to the IPC’s sharing procedure which is set out in both the Code of Procedure and the Code of Procedure for Matters under the Personal Health Information Protection Act, 2004. The appellant provided representations in response to the Notice of Inquiry and Review. I determined that it was not necessary to seek a reply from Osler with respect to those representations.

[8] I also attempted to notify the five security guards in order to provide them with an opportunity to state their position on the disclosure of their names. When asked to provide contact information for the security guards, Osler advised that it does not maintain personnel files for security guards because they are employees of external service providers. Osler provided me with contact information for the security company that was providing services to Osler at the time of the incident. I notified the security company, advising of the nature of the request and subsequent appeal, and asking it to provide me with contact information for the five security guards. The security company advised that only one of the five security guards involved in the incident is still employed by the company and confirmed that it did not have any forwarding information for the others. [2] The security company suggested, and I agreed, that I contact the security guard who is still employed by the company, through its Human Resources manager. I provided the Human Resources manager with a sealed envelope addressed to the security guard, enclosing a cover letter as well as a Notice of Inquiry and Review, seeking the security guard’s representations.

[9] The security guard responded to my letter and Notice of Inquiry and Review. He advised that he did not wish to submit representations but confirmed that he does not consent to the disclosure of his name in the incident report.

[10] In this order, I find that the incident report contains the appellant’s personal health information under section 4(1) of PHIPA and therefore, her right of access should first be considered under PHIPA. However, I find that the exception at section 52(1)(e)(i) of PHIPA does not apply and I order Osler to provide the appellant access to the names of the security guards, as they appear in the incident report. As no other information remains at issue, it is not necessary for me to consider the appellant’s residual right of access under FIPPA.

RECORD:

[11] The record at issue is an incident report that has been disclosed to the appellant, with the exception of the names of five security guards, which have been redacted. The appellant continues to seek access to the names of the security guards.

PRELIMINARY ISSUE:

Does PHIPA or FIPPA, or both, apply in the circumstances of this complaint?

[12] There is no dispute that Osler is a body that is both a health information custodian within the meaning of section 3(1) of, and subject to, PHIPA, and an institution within the meaning of the definition in section 2(1) of, and subject to, FIPPA.

[13] PHIPA (Part V) grants an individual a right of access to records of their own personal health information that are in the custody or under the control of a health information custodian, subject to limited exceptions. FIPPA grants an individual a right of access to records of general information (Part II) and to their own personal information (Part III) in the custody or under the control of an institution, subject to certain exceptions.

[14] As Osler is subject to both PHIPA and FIPPA, a preliminary matter for determination is whether the appellant’s right of access to the information at issue is to be determined under PHIPA, FIPPA or both.

[15] In order to determine which statute governs the appellant’s right of access, it is necessary to determine whether the record contains the appellant’s “personal health information,” as that term is defined in PHIPA. If it does, the appellant’s right of access will initially be determined under PHIPA. If the record does not contain the appellant’s personal health information, then the appellant’s right of access will only be determined under FIPPA.

[16] In situations where both PHIPA and FIPPA could apply, the custodian/institution must consider the interaction between the two statutes. [3] Sections 8(1) and 8(4) of PHIPA provide guidance in this task. These sections state:

(1) Subject to subsection (2) [containing certain exceptions that are not relevant in this appeal], the Freedom of Information and Protection of Privacy Act and the Municipal Freedom of Information and Protection of Privacy Act do not apply to personal health information in the custody or under the control of a health information custodian unless this Act specifies otherwise.

(4) This Act does not limit a person’s right of access under section 10 of the Freedom of Information and Protection of Privacy Act or section 4 of the Municipal Freedom of Information and Protection of Privacy Act to a record of personal health information if all the types of information referred to in subsection 4 (1) are reasonably severed from the record.

[17] Read together, sections 8(1) and 8(4) of PHIPA preserve an individual’s right of access under FIPPA to certain information in records of personal health information, the right of access to which is otherwise governed by PHIPA. [4]

[18] Where a requester seeks access to a record of personal health information under both statutes, the IPC first considers the extent of any right of access under PHIPA, and then considers the extent of any residual right of access under FIPPA to portions of the record for which a determination under PHIPA has not been made. [5] Therefore, I will first consider the appellant’s right of access to the record at issue under PHIPA.

ISSUES:

1. Does the record contain “personal health information” as defined in section 4 of PHIPA?
2. Is the record “dedicated primarily” to the appellant’s personal health information within the meaning of section 52(3) of PHIPA?
3. Does the exemption at section 52(1)(e)(i) of PHIPA apply to the withheld information in the record?

DISCUSSION:

ACCESS UNDER PHIPA

Issue A: Does the record contain the appellant’s “personal health information” as defined in section 4 of PHIPA?

[19] Section 52 of PHIPA grants an individual a right of access to a record of their own personal health information that is in the custody or under the control of a health information custodian, subject to limited exceptions and exclusions.

[20] In order to determine whether the appellant has a right of access to the record (or any portion of the record) under PHIPA, it is first necessary to determine whether her information in the record constitutes her “personal health information” within the meaning of PHIPA.

[21] “Personal health information” is defined in section 4 of PHIPA, in part, as follows:

(1) In [PHIPA],

“personal health information”, subject to subsections (3) and (4), means identifying information about an individual in oral or recorded form, if the information,

(a) relates to the physical or mental health of the individual, including information that consists of the health history of the individual’s family,

(b) relates to the providing of health care to the individual, including the identification of a person as a provider of health care to the individual,

…

(2) In this section,

“identifying information” means information that identifies an individual or for which it is reasonably foreseeable in the circumstances that it could be utilized, either alone or with other information, to identify an individual.

(3) Personal health information includes identifying information that is not personal health information described in subsection (1) but that is contained in a record that contains personal health information described in that subsection.

[22] Section 4(4) of PHIPA sets out an exception to the definition of “personal health information,” which is not reproduced here as it is of no relevance in this appeal.

[23] In PHIPA Decision 17, and subsequent orders and decisions, the IPC has adopted and applied a broad interpretation of the phrase “personal health information.” [6]

Representations

[24] In its representations, Osler states that it does “not contest that the report may incidentally … contain details of Personal Health information as defined in section 4 of PHIPA” [emphasis in original]. Osler submits that the record was not intended to capture or reflect any material aspects of the appellant’s medical state, history or treatment. However, Osler submits that as the record documents an onsite incident of violent behaviour that occurred in a specific ward of a hospital and involved a patient (rather than a visitor) “[the record] necessarily involves some contextual details that may collectively, but incidentally, constitute [personal health information] [emphasis in original]. Osler submits that: “[i]n fact, the [incident report] designedly contains very few details of [personal health information].”

[25] The appellant submits that “[a]ny record of what happened to me, while under the care of the hospital, should be included in my health records because it includes ‘contextual details’ about [my] treatment by staff at the hospital.”

Analysis and findings

[26] Based on my review of the record, I find that it is a record of personal health information of the appellant within the meaning of section 4(1) of PHIPA. [7] Among other things, the record reveals that the appellant was a patient of the hospital, which, in my view, qualifies as identifying information about the appellant that relates to her physical or mental health, and also relates to the provision of health care to her, within the meaning of paragraphs (a) and (b) of section 4(1) of PHIPA. This finding is consistent with the approach taken by the IPC in PHIPA Decision 17. [8]

[27] Also relevant in this appeal is section 4(3) of PHIPA, which states:

Personal health information includes identifying information that is not personal health information described in subsection (1) but that is contained in a record that contains personal health information described in that subsection.

[28] As an incident report, the record at issue also includes identifying information that may not be considered to be personal health information described in section 4(1). However, because the record is a record of personal health information of the appellant, that identifying information is also the appellant’s personal health information as a result of the application of section 4(3).

[29] The question of whether images of hospital staff and security personnel interacting with a patient on hospital surveillance videos are a patient’s personal health information was considered in PHIPA Decisions 117, 120, 123 and 142. In each of these decisions, the adjudicator found that the images of health care professional hospital staff, hospital security staff and other professionals interacting with a patient qualify as the patient’s personal health information under section 4(1)(b) of PHIPA.

[30] In PHIPA Decision 120, the adjudicator considered hospital video surveillance footage and found that images of police officers and hospital staff qualified as the complainant’s personal health information. She found that the fact that the video was recorded while the complainant was a patient at the hospital was sufficient to establish some connection between his identifying information and the providing of health care to him within the meaning of section 4(1)(b). The adjudicator rejected the hospital’s argument that the video was not related to its provision of health care to the complainant because the staff depicted in it were primarily restraining the complainant until law enforcement arrived rather than providing care.

[31] In PHIPA Decision 123, the adjudicator considered video footage in which hospital staff, including security personnel, restrained and subsequently moved a patient into a seclusion room. She found that the video footage contained the complainant’s personal health information under section 4(1)(b) stating that the term “health care” should be interpreted broadly:

I find that all portions of the video capturing the complainant’s image with the images of other staff members, regardless of their role, constitutes the complainant’s [personal health information] as defined in paragraph (b) of section 4(1) of PHIPA. The definition of “health care” is broad and includes any observation, examination, assessment, care, service or procedure that is done for a health related purpose. Here, the complainant is a patient in a mental health facility who was the subject of a Code White incident. In the context of this complaint, the health care was provided to the complainant by various hospital staff, including security staff, who are observing, monitoring, transporting and restraining him during a Code White incident. [9]

[32] In PHIPA Decision 142, the adjudicator considered security video footage relating to an incident at a rehabilitation hospital. The hospital argued that the video did not consist of the patient’s personal health information because hospital staff depicted in it were security personnel and the patient was not depicted as receiving health care. However, the adjudicator found that as the video revealed that the complainant was a patient at the hospital, it qualified as identifying information relating to the providing of health care to him within the meaning of section 4(1)(b) of PHIPA. The adjudicator considered the broad interpretation of the definition of “health care” given in PHIPA Decision 123 and stated that the security personnel depicted in the video were shown observing or providing other services to the patient for a health-related purpose.

[33] In my view, the reasoning expressed in PHIPA Decision 120, PHIPA Decision 123 and PHIPA Decision 142 is relevant and helpful to my consideration of the circumstances before me.

[34] In my view, similar reasoning applies here. In this case, although the appellant seeks access to the names of the security guards, rather than their images, the analysis and result are similar to that in those previous decisions. The inclusion of the security guards’ names in the report reveals that the appellant, as a patient, interacted with those security guards during her time as an in-patient at the hospital. I find that this is sufficient to establish a connection between the appellant’s identifying information and the providing of health care to her within the meaning of section 4(1)(b) of PHIPA. Additionally, I agree with the statement made by the adjudicator in PHIPA Decision 123 that the definition of “health care” is broad and includes any observation, examination, assessment, care, service or procedure done for a health-related purpose. I find that in responding to a security incident involving an in-patient (the appellant), the record reveals that security personnel observed or provided services to a patient, which in this case, involved moving her to a more secure location, for a health-related purpose.

[35] Even if I were to accept that the interactions between the security guards and the appellant did not have a health-related purpose, I accept that the information is identifying information about the appellant, as a patient, and constitutes her personal health information by virtue of section 4(3) of PHIPA.

[36] Because the record contains the appellant’s personal health information, PHIPA applies to the appellant’s access request. I will now consider the extent of her access rights under PHIPA.

Issue B: Is the record “dedicated primarily to personal health information about the individual requesting access,” within the meaning of section 52(3) of PHIPA?

[37] The extent of the appellant’s right of access under PHIPA also depends on whether a record of her personal health information is “dedicated primarily” to that information. This is because, subject to any applicable exceptions, the right of access in PHIPA applies either to the whole record, or only to certain portions of it. In particular, while section 52(1) of PHIPA confers a right of access to the entire record, section 52(3) limits access where the record is not “dedicated primarily to” the individual’s personal health information. Section 52(3) of PHIPA states:

Despite subsection (1) [setting out exemptions from the right of access in PHIPA], if a record is not a record dedicated primarily to personal health information about the individual requesting access, the individual has a right of access only to the portion of personal health information about the individual in the record that can reasonably be severed from the record for the purpose of providing access.

[38] PHIPA Decision 17 set out the IPC’s approach to the interpretation of section 52(3) which has been consistently applied in subsequent decisions. [10] In order to determine whether a record is “dedicated primarily” to the personal health information of the individual within the meaning of section 52(3), the IPC takes into consideration various factors, including:

• the quantity of personal health information of the requester in the record;
• whether there is personal health information of individuals other than the requester in the record;
• the purpose of the personal health information in the record;
• the reason for creation of the record;
• whether the personal health information of the requester is central to the purpose for which the record exists; and
• whether the record would exist “but for” the personal health information of the requester in it.

[39] This list is not exhaustive.

Representations

[40] Addressing whether the record is dedicated primarily to the appellant’s personal health information, Osler submits that the incident report was not created by a healthcare professional and is not part of the appellant’s health record. It also submits, as noted above, that the record was not intended to capture or reflect any material aspects of her medical state, history or treatment. Osler explains that the incident report is “standard documentation created by [its] security staff for legal/liability reasons.” It explains that it was used to document an “on-site incident of violent behaviour” and is not unlike a police report. It submits that the record is “a product of our building security processes, rather than any healthcare process, and so was not intended to be ‘a record dedicated primarily to personal health information’ of the [appellant].”

[41] The appellant does not make any specific submissions on whether the record is dedicated primarily to her personal health information.

Analysis and finding

[42] I have reviewed the record and find that it is not dedicated primarily to the appellant’s personal health information within the meaning of section 52(3) of PHIPA.

[43] The record at issue in this appeal is an incident report documenting an incident that involved the appellant which resulted in her being forcibly moved by hospital security and placed in a secure location. In my view, the appellant’s personal health information is not central to the purpose of the record. I accept Osler’s submission that the primary purpose of the record was to document the incident and the steps taken by hospital security to contain it. While the appellant’s personal health information is in the record, in my view, it is incidental to the purpose of the record.

[44] Since the record is not dedicated primarily to the appellant’s personal health information, section 52(3) provides that the appellant has a right of access only to the portion of her personal health information that can reasonably be severed from the record.

[45] In this case, Osler has already released the majority of the record to the appellant. I will now consider whether the exemption at section 52(1)(e)(i) of PHIPA applies to the information that remains at issue, the names of the security guards who interacted with the appellant, which I have found above to be her personal health information under section 4(1) of PHIPA.

Issue C: Does the exemption at section 52(1)(e)(i) of PHIPA apply to the withheld information in the record?

[46] Section 52(1) of PHIPA sets out certain exemptions from the right of access to records of an individual’s own personal health information. In its supplementary decision, Osler relied on the exemption at section 52(1)(e)(i) to deny access to the security guards’ names.

[47] Section 52(1)(e)(i) states:

Subject to this Part [Part V of PHIPA, setting out the rights of access and correction to records of one’s personal health information], an individual has a right of access to a record of personal health information about the individual that is in the custody or under the control of a health information custodian unless,

(e) granting the access could reasonably be expected to,

(i) result in a risk of serious harm to the treatment or recovery of the individual or a risk of serious bodily harm to the individual or another person[.]

[48] The standard of proof required under section 52(1)(e)(i) of PHIPA is the same as the standard under sections 49(b) and 20 of FIPPA, and other exemptions that contain the words “could reasonably be expected to.” [11] The health information custodian must demonstrate a risk of harm that is well beyond the merely possible or speculative, although it need not prove that granting access will in fact result in such harm. How much and what kind of evidence is needed will depend on the type of issue and seriousness of the consequences. [12]

Representations

[49] Osler submits that it reviewed the contents of the incident report and in light of the nature of the incident itself and the nature of the hospital’s interactions with the appellant, it decided that the names of the guards would be redacted under the exemption at section 52(1)(e)(i). Osler submits that it redacted the names “to mitigate the risk of further/serious, retaliatory harm to the guards.”

[50] Osler submits that in applying the exemption, it considered how the IPC has previously considered “risk of harm” exemptions under FIPPA and PHIPA. It submits that in PHIPA Decisions 17, 34, and 90, for example, the IPC has stated that an institution “must demonstrate a risk of harm… that is well beyond the merely possible or speculative although it need not prove that disclosure will in fact result in such harm.” It submits that in those decisions “crucial uncertainty stemmed from the ‘possible or speculative’ nature of the cited risks.” It submits that, “[i]n contrast, in this case, there is already an actual history of repeated abuse and violence toward staff” [emphasis in original]. Osler notes, however, in compliance with section 52(2), the remaining content in the report, including the names of clinical staff, was provided to the appellant.

[51] The appellant disputes Osler’s submission that “in this case, there is already an actual history of repeated abuse and violence toward staff.” She submits that Osler does not provide any documentation to support its accusation and submits that she gets along “very well with staff” at the hospital, both before and after the incident.

[52] As stated earlier in this order, I attempted to notify the security guards to seek their views on the disclosure of their names in the context of the incident report. I was only able to notify one of the five security guards, the only one who is still employed by the security company that provided services to Osler at the time of the incident. The security guard advised that he did not wish to submit representations and he does not consent to the disclosure of his name in the context of the incident report.

Analysis and findings

[53] As noted above, in previous decisions under PHIPA, it has been determined that the standard of proof required under section 52(1)(e)(i) of PHIPA is a demonstrable risk of harm that is well beyond the merely possible or speculative although the evidence need not prove that granting access will in fact result in such harm.

[54] In PHIPA Decision 90, the adjudicator considered, under section 52(1)(e)(i), a patient’s request for the name of employees of the Canadian Red Cross Society who provided care to him. The adjudicator found that, despite incidents of verbal abuse by the patient of Red Cross employees, she was not persuaded that providing the patient with access to the employees’ names could reasonably be expected to lead to any of the harms set out in section 52(1)(e)(i) of PHIPA. The adjudicator stated that while the incidents of verbal abuse were inappropriate, they were insufficient on their own to engage the exemption at section 52(1)(e)(i). She found that the harms the Red Cross submitted as “reasonably likely” to result from providing access to the information were speculative in nature. The adjudicator noted she was not persuaded that the evidence demonstrated that the complainant would use the names to contact Red Cross staff.

[55] In reaching her finding in PHIPA Decision 90, the adjudicator noted that in Order PO-1940 (decided under FIPPA), another adjudicator considered a similar fact situation where an institution withheld the names of staff members pursuant to the exemption at section 20 of FIPPA, which considers disclosure that could reasonably be expected to seriously threaten the safety or health of an individual. [13] Although in Order PO-1940, the substantial evidence and history presented by the parties led the adjudicator to conclude that section 20 of FIPPA had been established, the adjudicator noted:

There are occasions where staff working in “public” offices […] will be required to deal with “difficult” clients. In these cases, individuals are often angry and frustrated, are perhaps inclined to using injudicious language, to raise their voices and even to use apparently aggressive body language and gestures. In my view, simply exhibiting inappropriate behaviour in his or her dealings with staff in these offices in not sufficient to engage a section 20 … claim [under FIPPA]. Rather, as was the case in this appeal, there must be clear and direct evidence that the behaviour in question is tied to the record at issue in a particular case such that a reasonable expectation of harm is established.

[56] Most recently, in PHIPA Decision 164, the adjudicator considered whether granting a patient access to video surveillance footage involving their involuntary hospitalization under the Mental Health Act could reasonably be expected to result in serious bodily harm to the security and hospital staff depicted in the records. She found that although the patient, who continued to be involved with the hospital as an outpatient, would be able to identify staff involved in the depicted incident, the evidence provided to her fell short of demonstrating a risk of serious bodily harm because it did not establish a connection between granting access to the records and the reasonable expectation of such harm.

[57] I agree with the findings of the adjudicators in PHIPA Decisions 90 and 164, as well as the comments made by the adjudicator in Order PO-1940 and, in my view, all three are helpful to consider in the circumstances of this appeal.

[58] I do not accept that Osler has provided sufficient evidence to establish that granting the appellant access to the names of the security guards could reasonably be expected to result in a risk of serious harm, bodily or otherwise, to any of those individuals. In this case, in the course of performing their job, the security guards were called upon to move the appellant to a secure room following an incident, which they did. In my view, the nature of being a security guard means that in the course of doing one’s job, difficult and physical interactions with individuals can sometimes occur. From the record itself, I recognize that in the context of this matter, a physical interaction between the appellant and the security guards occurred when they were called upon by clinical staff to move her to a secure room for the safety of herself and others. Osler submits, without further elaboration, that there is an “actual history of repeated abuse and violence towards staff.” I note that this submission mentions staff, in general, rather than specifically identifying security guards among such staff, and Osler’s representations suggest that by releasing the security guards’ names, the security guards would be subject to such abuse and violence. I do not accept that this evidence is sufficient, on its own, to demonstrate a reasonable expectation of a risk of serious bodily harm in the circumstances.

[59] For the reasons outlined above, I find that Osler has not provided me with sufficient evidence to establish that, in the context of this particular incident with this particular individual, granting the appellant access to the security guards’ names could reasonably be expected to result in a risk of serious harm to them. I find that the exemption at section 52(1)(e)(i) of PHIPA does not apply.

Other exemptions to the appellant’s right of access under PHIPA

[60] No other exemptions from the appellant’s right of access under PHIPA have been claimed and, from my review, none appear to apply. In particular, I note section 52(1)(f)(ii)(A) of PHIPA, [14] which permits Osler to claim the application of certain FIPPA exemptions (as a “flow-through” FIPPA claim). As Osler has not claimed that it would refuse to grant access to the security guards’ names under any of sections 49(a), (c) or (e) of FIPPA, the “flow-through” exception at section 52(1)(f)(ii)(A) does not apply. As none of the other exemptions from the right of access under PHIPA have been claimed or apply, I will order the hospital to grant the appellant access to the full incident report, including, in particular, the names of the security guards.

Conclusion

[61] As none of the information remaining at issue is exempt under PHIPA, I will order Osler to grant the appellant access to it, meaning the entire incident report, including the names of the security guards. As there is no remaining information for which a determination under PHIPA has not been made, it is not necessary for me to consider any residual right of access that the appellant might have under FIPPA. [15]

ORDER:

For the foregoing reasons, pursuant to section 61(1) of PHIPA:

1. I order Osler to grant the appellant access to the names of the security guards that it withheld pursuant to section 52(1)(e)(i) of PHIPA by December 29, 2021, but not before December 24, 2021.
2. In order to verify compliance with this order, I reserve the right to require that a copy of the record, as released to the appellant, be provided to me.

Original Signed by:		November 24, 2021
Catherine Corban
Adjudicator