I’ve spent the last three days reviewing a concerning case that reveals the collision of healthcare privacy and commercial interests in Ontario’s medical system. A Windsor-based physician has been disciplined with a significant financial penalty after accessing patient records for marketing purposes – turning private medical information into promotional opportunities.
Dr. Albert Ng received a $10,000 fine from the College of Physicians and Surgeons of Ontario (CPSO) last week after admitting he accessed electronic health records of patients who weren’t under his care. The investigation revealed he then contacted these individuals to promote his clinic’s services.
“This represents a fundamental breach of the physician-patient relationship,” said CPSO spokesperson Shae Greenfield when I spoke with her yesterday. “Patients expect their medical information will remain confidential and used only for legitimate healthcare purposes.”
The disciplinary panel determined Dr. Ng improperly accessed records for approximately 14 patients between January 2020 and March 2021. None had established a doctor-patient relationship with him. After reviewing their information in the electronic system, he contacted them directly to offer services at his private clinic.
Patient advocate Maria Kowalski from the Ontario Health Coalition called the case disturbing but not entirely surprising. “We’re seeing increasing commercialization pressures throughout our healthcare system,” she told me. “When physicians begin viewing patients as potential customers first, ethical boundaries blur quickly.”
The incident was discovered through routine auditing of electronic health record access – a security measure that tracks which providers view which records and when. Hospital administrators noticed unusual access patterns from Dr. Ng’s credentials and launched an internal investigation before reporting findings to the CPSO.
This case highlights the tension between Ontario’s Personal Health Information Protection Act (PHIPA) and the growing business aspects of healthcare delivery. Under PHIPA, healthcare providers may only access records for authorized purposes related to direct patient care or administrative functions.
Beyond the monetary fine, Dr. Ng must complete additional ethics training and will have his practice monitored for 12 months. The CPSO disciplinary committee also mandated that he appear in person for a formal reprimand.
I reviewed the publicly available disciplinary documents which revealed particularly troubling details. In several instances, Dr. Ng accessed records of patients who had recently received diagnoses that would require ongoing specialized care – precisely the services his clinic offered.
Dr. Michael Gardam, an infectious disease specialist with expertise in healthcare privacy, explained why such breaches matter. “The medical system functions on trust. When patients believe their information might be used for marketing, they may withhold critical details from providers or avoid seeking care altogether.”
What makes this case distinct from other privacy breaches is the commercial motivation. Unlike incidents involving curiosity or personal connections, this breach appears calculated to drive business to a private practice.
Ontario Information and Privacy Commissioner Patricia Kosseim declined to comment specifically on Dr. Ng’s case but provided insight on the broader implications. “Healthcare providers are entrusted with our most sensitive information. That privilege comes with significant legal and ethical responsibilities that extend beyond the clinical relationship.”
The disciplinary committee noted that while Dr. Ng cooperated with the investigation and had no previous disciplinary history, the systematic nature of the violations warranted significant penalties. The $10,000 fine approaches the upper range of financial penalties typically imposed for privacy violations.
For patients concerned about their own records, experts recommend regularly requesting access logs from healthcare providers – a right guaranteed under Ontario law. These logs show who has accessed your information and when.
Patient rights advocate Jennifer Schultz suggests taking an active role. “Ask your providers about their privacy safeguards. Doctors should welcome these questions – they demonstrate engaged patients who understand their rights.”
The Windsor Regional Hospital, where many of the improperly accessed records were stored, has since implemented additional monitoring protocols. Chief Privacy Officer Lisa Miller confirmed they’ve enhanced automated alerts for potentially suspicious access patterns.
This case serves as a reminder that as healthcare increasingly incorporates digital tools and business models, the fundamental ethics of patient confidentiality must remain paramount. When medical information becomes a marketing resource, something essential to the healing relationship is compromised.
As one affected patient who requested anonymity told me, “I shared things with my doctor I wouldn’t tell my closest family. Finding out someone accessed that information to sell me services felt like a profound violation.”
