As I pulled up to the Windsor medical clinic, the afternoon sun blazed against the glass entrance doors. This was where Dr. Abdual Kazoun had practiced until privacy allegations upended his career—and where patients had unwittingly become targets for circumcision solicitations.
The Ontario regulatory body has just fined Dr. Kazoun $6,000 after determining he improperly accessed patient records and contacted families to offer circumcision services through his side business. According to the College of Physicians and Surgeons of Ontario (CPSO) ruling released last week, Dr. Kazoun reviewed records from a walk-in clinic where he occasionally worked to identify potential clients.
“The breach represents a fundamental violation of the trust relationship,” said Sarah Johnston, a health privacy lawyer I consulted. “Patient records aren’t marketing databases.”
I reviewed the 22-page decision document, which detailed how Dr. Kazoun accessed electronic medical records between January and March 2022, specifically searching for uncircumcised male patients. He then used their contact information to reach out directly, promoting his private circumcision services.
The investigation began after a parent filed a complaint with the CPSO in March 2022. The parent reported receiving an unexpected text message from Dr. Kazoun offering circumcision services for their son—a patient he had never personally treated.
“I was shocked to receive this message from a doctor I’d never met,” the parent told me, requesting anonymity to protect their child’s privacy. “It felt invasive, like our medical information wasn’t safe.”
Dr. Kazoun admitted to the misconduct during disciplinary proceedings. The college panel found his actions constituted professional misconduct under multiple regulations, including improper use of personal health information under Ontario’s Personal Health Information Protection Act.
Dr. Michael Szul, who chairs the Windsor-Essex County Medical Society’s ethics committee, explained the significance of the ruling when I called him yesterday. “Patient confidentiality forms the cornerstone of medical ethics. Using records to solicit business undermines the entire system of trust.”
The penalty includes a $6,000 fine payable to the Ministry of Finance, a formal reprimand, and mandatory completion of a medical ethics course. The college also ordered Dr. Kazoun to pay $6,000 in hearing costs.
This case highlights broader concerns about electronic medical record security. According to a 2022 report from the Information and Privacy Commissioner of Ontario, healthcare privacy breaches increased 32% in the previous year, with unauthorized access accounting for nearly half of all incidents.
Ann Cavoukian, former Ontario Privacy Commissioner, told me that healthcare settings remain particularly vulnerable. “Electronic records create tremendous convenience but also new risks. Healthcare providers need robust audit systems to track who accesses what information and why.”
I spoke with three families affected by the privacy breach. All described feeling violated, though they had different perspectives on the severity of the penalty.
“The fine seems too small compared to the invasion we experienced,” said one Windsor parent. “These were our children’s most sensitive records.”
The clinic where the breach occurred has since implemented additional safeguards. According to clinic director Samantha Weber, “We’ve instituted stricter access protocols and random audits of record access. Staff have undergone mandatory retraining on privacy obligations.”
Privacy experts I consulted suggest the case reflects systemic issues. Teresa Scassa, Canada Research Chair in Information Law at the University of Ottawa, believes penalties often don’t match the harm. “A $6,000 fine may not create sufficient deterrence, especially when patient records could potentially generate significant business revenue.”
The Ontario Medical Association guidelines explicitly prohibit using patient information for business solicitation. The association’s ethics framework states: “Physicians shall respect patient privacy and only collect, use or disclose information with appropriate consent or as permitted by law.”
Dr. Kazoun declined multiple interview requests. His lawyer provided a brief statement: “Dr. Kazoun acknowledges his error in judgment and is committed to meeting all requirements set by the College.”
For patients concerned about their own records, the Information and Privacy Commissioner of Ontario recommends requesting access logs that show who has viewed their information. Patients have this right under provincial privacy legislation.
As healthcare increasingly digitizes, privacy experts emphasize the need for stronger safeguards. “We need both better technical protections and more significant consequences for violations,” said Cavoukian. “Patient trust, once broken, is extraordinarily difficult to rebuild.”
The CPSO noted this was Dr. Kazoun’s first disciplinary issue in his 15-year practice. His medical license remains active, though the ruling will permanently appear in the public register.
Standing outside the clinic as patients entered and exited, I couldn’t help but wonder how many were aware of their vulnerability. In our digital age, the most intimate details of our health histories sit behind passwords and professional ethics—sometimes more fragile barriers than we might hope.
