South Africa: South Gauteng High Court, Johannesburg Support SAFLII

You are here:  SAFLII >> Databases >> South Africa: South Gauteng High Court, Johannesburg >> 2019 >> [2019] ZAGPJHC 153

| Noteup | LawCite

Thabela v Nedgroup Medical Aid Scheme/Medscheme (28173/2016) [2019] ZAGPJHC 153; 2020 (1) SA 318 (GJ) (21 February 2019)

Download original files

PDF format

RTF format

Links to summary

PDF format

RTF format


REPUBLIC OF SOUTH AFRICA

IN THE HIGH COURT OF SOUTH AFRICA

GAUTENG LOCAL DIVISION, JOHANNESBURG

CASE NO: 28173/2016

In the matter between:

TSHIDINO THABELA                                                                                                Plaintiff

and

NEDGROUP MEDICAL AID SCHEME/MEDSCHEME                                 First Defendant

NEDGROUP LIMITED/ NEDBANK                                                          Second Defendant

 

J U D G M E N T

 

MODIBA, J:

[1] Tshidino Thabela (“Thabela”) sues Nedgroup Medical Aid Scheme/Medscheme (“the Medical Aid”) and Nedgroup Limited/Nedbank (“Nedbank”) (jointly referred to as “the defendants”), for the payment of an amount of R500, 000, jointly and severally, the one paying the other to be absolved, for damages allegedly suffered as a result of the alleged unlawful disclosure of his private and confidential medical information.

[2] The background facts are largely common cause. Thabela’s claim arises out of his employment with Nedbank, where he held the position of a system engineer specialist from 1 June 2015 to 24 April 2017. His resignation had nothing to do with the present cause of action.

[3] Prior to joining Nedbank, he was diagnosed with Moorhen’s ulcer with symptoms reticent to the right eye. He successfully underwent treatment. When he joined Nedbank, his right eye had become asymptomatic. However his doctor had forewarned him of the possibility of a relapse or symptoms manifesting in the left eye. As fate would have it, shortly after joining Nedbank, his left eye became symptomatic. The treatment he was required to undergo necessitated intermittent absence from work for which he went on authorised sick leave from time to time.

[4] Thabela’s employment with Nedbank was governed by a written contract of employment. Unless he was registered as a dependant on his partner’s registered medical aid scheme, compulsory membership of the Medical Aid was a condition of his employment. He duly joined the Medical Aid, administered by Medscheme. On 29 September 2015, Medscheme addressed an email to Nedbank with Thabela on copy, attaching Thabela’s member claim report for the period 2 July 2015 to 10 September 2015 and a letter dated 8 September 2015, authorising his admission to hospital on 10 September 2015 for a surgical procedure to his left eye.

[5] Thabela alleges that:

[5.1] he did not give the Medical Aid permission to disclose his private and confidential information contained in the above documents; alternatively he did not consent to such disclosure; further alternatively no statutory or legal justification existed for the disclosure;

[5.2] by disclosing the information, the defendants breached his right to privacy in terms of section 14 of the Constitution of the Republic of South Africa, 1996 (“the Constitution”) and/ or section 14 of the National Health Act (“NHA);[1]

[5.3] the defendants disclosed the information with the intention to injure his good name, reputation and dignity.

[6] The defendants deny that the disclosure was unlawful. Consequently, they also deny any liability to Thabela. They rely on the following grounds of justification:

[6.1] Thabela consented to the disclosure of his personal information. The Medical Aid disclosed this information to Nedbank pursuant to such consent;

[6.2] at the time of disclosure, the disclosed information was not confidential;

[6.3] the defendants lack the requisite intention to impair Thabela’s privacy;

[6.4] Thabela absolved Nedbank from any liability for failing to obtain his consent prior to the alleged unlawful disclosure in terms of any relevant personal information legislation.

 

THE CONSTITUTIONAL CLAIM

[7] The question that arises in respect of this claim is whether the disclosure of Thabela’s private and confidential information violates section 14 of the Constitution. This section provides:

Everyone has the right to privacy, which includes the right not to have-

(a) their person or home searched;

(b) their property searched;

(c) their possessions seized; or

(d) the privacy of their communications infringed.”

[8] In answering this question, I am guided by the following legal principles:

[8.1.] section 38 of the Constitution makes provision for appropriate relief where constitutional rights have been breached. The section provides:

Anyone listed in this section has the right to approach a competent court, alleging that a right in the Bill of Rights has been infringed or threatened, and the court may grant appropriate relief, including a declaration of right. …”

[8.2] the court will award damages if it considers damages to be an appropriate remedy for the constitutional breach complained of;[2]

[8.3] whether the nature of the relief sought constitutes appropriate relief is determined by its object and ability to effectively remedy the violating conduct and the constitutional breach complained of.[3]

[8.4] where a delictual remedy is available to address breach of a constitutional duty, such a remedy would constitute appropriate relief as envisaged in section 38.[4]

[9] For the purpose of considering this ground of Thabela’s claim, I assume that the disclosed information is private and confidential and that Thabela did not permit or consent to its disclosure.

[10] The actio iniurairum protects and redresses the infringement of the privacy of one’s communication in terms of the common law. This is the same right protected under section 14 of the Constitution. Thabela asserted no basis for a finding to the contrary. This finding is consistent with that made by the Constitutional Court in NM and Others v Smith and Others (Freedom of Expression Institute as Amicus Curiae)[5] where the plaintiff sued the defendants for the violation of their rights to privacy, dignity and psychological integrity arising from the publishing of their names and HIV status in a book without their consent.

[11] In the premises, the common law actio iniurairum constitutes an appropriate remedy for the alleged breach of a constitutional duty within the framework of section 38. I consider his alternative claim based on the actio iniurairum later in this judgment.

 

BREACH OF A STATUTORY DUTY

[12] Thabela’s claim for breach of a statutory duty is based on section 14 of the NHA. This section provides:

Confidentiality

(1) All information concerning a user, including information relating to his or her health status, treatment or stay in a health establishment, is confidential.

(2) Subject to section 15, no person may disclose any information contemplated in subsection (1) unless-

(a) the user consents to that disclosure in writing;

(b) a court order or any law requires that disclosure; or

(c) non-disclosure of the information represents a serious threat to public health.”

[13] Section 15 provides:

Access to health records:

(1)  A health worker or any health care provider that has access to the health records of a user may disclose such personal information to any other person, health care provider or health establishment as is necessary for any legitimate purpose within the ordinary course and scope of his or her duties where such access or disclosure is in the interests of the user.

(2)  For the purpose of this section, “personal information” means personal information as defined in section 1 of the Promotion of Access to Information Act, 2000”.

[14] When interpreting these provisions having regard to their clear language and the purpose and context for which they were enacted, I find that Section 14 (1) renders all information relating to a person’s health status, treatment or stay in a health establishment confidential. Section 14 (2)[6] prohibits the disclosure of this information subject to the provisos in section 4 (2) (a) – (c) and section 15. Section 17 (2)[7] prohibits the use of a user’s confidential health information.

[15] The prohibitions in section 14 (2) and 17(2) (b) – (h) apply against any person, including the defendants. When regard is had to the prohibition against the use of a person’s confidential medical information in sections 17 (2) (b) – (h), to limit the prohibition in section 14 (2) only to health workers and health care providers as contended by the defendants will lead to an absurdity not intended by the legislature. The effect of such a limitation would absolve persons other than health workers and health care providers from disclosing a person’s confidential medical health information when they are in possession of this information. This would render the confidential nature of this information under section 14 (1) trifling when disclosed by persons other than these. The effect of section 14 read with section 17 is to prohibit both the disclosure and use of a person’s confidential medical health records - subject to the provisos already alluded to - against any person who unlawfully discloses or uses this information. This dual protection significantly safeguards the confidentiality of medical health records.

[16] The proviso in section 15 (1) where reference is made to health workers and health care providers, serves to protect them from an alleged breach of section 14 where the disclosure was made under circumstances envisaged under section 15 (1). Only these officials may raise a defence in terms of section 15 (1). Section 17 (1)[8] creates a statutory duty towards persons in charge of health establishments. Section 17 (2) (a) provides for criminal liability for failure to comply with the said statutory duty.

[17] The Thabela’s case as pleaded is only based on breach of section 14 (1) and the absence of justification for such breach in terms of section 14 (2).  Therefore Thabela’s claim against the defendants for breach of section 14 (1) read with section 14 (2) is competent. 

[18] Tshabalala-Msimang,[9] relied on by Thabela, is a very important decision on the privacy of one’s medical health records. In that case, the then Minister of Health’s medical records which included disparaging information relating to her stay in hospital, were illegally obtained and published in a newspaper without her consent. Citing section 17 of the NHA, she successfully sought the return of the information and interdicted a journalist and the newspaper from using it or commenting on it. 

[19] The court reasoned that under the Constitution, as well as the National Health Act, private information contained in the health records of a user relating to the health status, treatment or stay in a health establishment of that user is private and confidential and worth protecting as an aspect of human autonomy and dignity. This included the right to control the dissemination of information relating to one's private medical-health records that would definitely impact on an individual's private life, as well as the right to the esteem and respect of other people.[10] This right entitled Tshabalala-Msimang not to have her private medical information disclosed to the public without her consent.[11]

[20] Counsel for the defendants sought to distinguish Tshabalala-Msimang on the basis that her medical health information was illegally removed from the hospital archives. In light of the interpretation of section 14 (1) read with section 14 (2) and section 17, set out above, the sources of the unlawfully disclosed information is immaterial, therefore the distinction sought to be drawn inconsequential. Rather, a material distinction between Thabela and Tshabalala-Msimang arises from what I find in casu, (that unlike Tshabalala-Msimang), Thabela previously disclosed his medical health information to the respondents.

[21] The court in Tshabalala-Msimang further held that it is generally the user under the relevant provisions of the National Health Act that has the right to determine who obtains access to her health records and to information relating to her health status,  treatment and stay as a patient in a health establishment. He or she may exercise this right by consenting to its disclosure in term of section 14 (2) (a).

[22] Below, from paragraph 26 onwards, I determine that as against Nedbank, the information was not confidential as envisaged under section 14(1) when the Medical Aid disclosed it to Nedbank, Thabela having previously disclosed it to Nedbank.

[23] Therefore Thabela’s reliance on the dictum in Tshabalala-Msimang is misplaced.

[24] In the premises, Thabela’s claim based on breach of a statutory duty also stands to fail.

 

ACTIO INIURAIRUM

[25] To succeed under this claim, Thabela must establish the following elements on a preponderance of probabilities:

[25.1] wrongfulness;

[25.2] the intention to injure (animus iniuriandi);

[25.3] the impairment of his privacy;

[26] As already stated, Nedbank raised two grounds of justification in respect of this claim namely:

[26.1] the disclosed information was not confidential;

[26.2] Thabela consented to the disclosure in clause 2.1.1 of his employment contract.

I regard the first ground of defense to be determinative of Thabela’s claim.

[27] I reason below that Thabela’s claim fails on the first ground of justification set out in [26.1] above.

 

Wrongfulness

[28] In their request for further particulars for trial, the defendants requested Thabela to identify precisely which of the disclosed information constituted private and confidential medical information which was not known to Nedbank on 29 September 2015 before the Medical Aid disclosed it to Nedbank. He responded as follows:

The medical certificates ‘TTA’ indicating the diagnosis/treatment, ‘TTB’ indicating the Preliminary report of the Plaintiff’s medical condition and or diagnosis of medical condition, ‘serious eye problem’, and nature of treatment and medication prescribed ‘TTC’ and ‘TTD’ email to Marneweck confirming Hospital admission and member claims statement indicating claims submitted from 1 July 17 September 2015 (sic). (claims (sic) submitted for inter alia treatment received), ICD10 Codes, blood tests conducted. The above information includes all information pertaining to Plaintiff’s health status, treatment or stay in Health establishment.”

[29] His evidence, as well as the evidence of Mnculwane reveals that from the commencement of Thabela’s employment with Nedbank until 18 September 2015, Thabela repeatedly disclosed and discussed his medical condition and medical treatment including chemotherapy and the need for him to undergo surgery with several Nedbank employees, including Mnculwane, Banfield and McConnachie.  He conceded under cross examination that prior to the disclosure by the Medical Aid, he did disclose to Mnculwane that he was scheduled to undertake blood tests as part of the treatment regimen for his eye condition. From the evidence, it appears that the only information he did not personally disclose to these officials prior to the alleged unlawful disclosure relates to the nature of the blood tests that he undertook, which are detailed with more specificity in the member claim report. He however conceded under cross examination that the blood tests that are detailed in the member claim report were undertaken as part of the treatment regimen for his eye condition and that all the disclosed information related to the diagnosis and treatment for this condition, which he had disclosed and nothing else. He also conceded that nothing in the claim report support his contention that certain blood tests and treatment reflected therein may give rise to a suspicion that he suffers from another condition for which he may be victimised by Nedbank or its officials.

[30] The information Thabela did not disclose, namely, the nature of blood tests that he undertook, as against what he alleges the Medical Aid unlawfully disclosed to Nedbank, as well as the concessions he made under cross examination as discussed in paragraph 29 above, render the alleged unlawful disclosure of no consequence.

[31] By disclosing his diagnosis and treatment to Nedbank’s employees, Thabela rendered the confidential character of this information as between him and the defendants derelict. I therefore find that the information was not confidential when the Medical Aid disclosed it to Nedbank.

[32] Under cross examination, Thabela acknowledged further occurrences that support a finding that he has not succeeded in discharging his onus in respect of this claim:

[32.1] he had stated to Memavhada, one of his colleagues at Nedbank that due to his work commitment to Nedbank, which required him to be at work, he lost out on a government tender opportunity.

[32.2]  during his recruitment process, he disclosed to Nedbank that he has external business interests which, coupled with what he told Memavhada, who relayed it to Mnculwane, it was reasonable for Mnculwane to be concerned about his intermittent absence from work. This is more so because after approximately 10 weeks of employment, he had taken 20 days sick leave which is excessive under normal circumstances.

[32.3]  using his personal information was necessary to verify the correctness of his sick notes and whether he was pursuing external business interests. These verifications were necessary to facilitate and secure his further employment with Nedbank.

[32.4]  by verifying this information, Nedbank acted consistently with the provisions of his employment contract.  The relevant clause provides as follows:

Fulfilment of the requirements of Nedbank’s’ screening policy: you further acknowledge that Nedbank will from time to time undertake integrity checks which include SAPS fingerprint screening and the collection of your personal data. In the event of an adverse report after having commenced employment, your services may be terminated.”

[33] Having regard to the above, I find that Thabela has failed to establish on a preponderance of probabilities that:

[33.1] the disclosure was wrongful;

[33.2] the disclosure resulted in the impairment of his privacy;

[33.3] the defendants had the intention to injure when the said disclosure was made.

[34] In the premises, I make the following order:

 

ORDER

1. The plaintiff’s claim is dismissed with costs.

 

_________________________

      L T MODIBA

    JUDGE OF THE HIGH COURT

GAUTENG LOCAL DIVISION, JOHANNESBURG

 

 

APPEARENCES:

Counsel for the Plaintiff: Mr A Viviers

Instructed by: Hamel Attorneys, Magalieskruin, Pretoria

Counsel for the Defendants: Mr PT Rood SC

Instructed by: Lowndes Dlamini Inc, Sandton, Johannesburg

Date delivered: 21 February 2019

 

[1] 61 of 2003.

[2] Dendy v University of the Witwatersrand and Others [2005] ZAGPHC 39; 2005 (5) SA 357 WLD at 368E-F.

[3] Fose v Minister of Safety and Security [1997] ZACC 6; 1997 (3) SA 786 CC. See also Hoffmann v South African Airways 2001 (1) SA 1 CC at para 42.

[4] Fose supra at 369G-370B.

[5] 2007 (5) SA 250 (CC)

[6]  See para 12 above.”

[7] 17. Protection of health records

(2) Any person who-

(a) fails to perform a duty imposed on them in terms of subsection (1);

(b) falsifies any record by adding to or deleting or changing any information contained in that record;

(c) creates, changes or destroys a record without authority to do so;

(d) fails to create or change a record when properly required to do so;

(e) provides false information with the intent that it be included in a record;

(f) without authority, copies any part of a record;

(g) without authority, connects the personal identification elements of a user’s record with any element of that record that concerns the user’s condition, treatment or history;

(h) gains unauthorised access to a record or record-keeping system, including intercepting information being transmitted from one person, or one part of a record-keeping system, to another;

(i) without authority, connects any part of a computer or other electronic system on which records are kept to-

(i) any other computer or other electronic system; or

(ii) any terminal or other installation connected to or forming part of any other computer or other electronic system; or

(j) without authority, modifies or impairs the operation of-

(i) any part of the operating system of a computer or other electronic system on which a user’s records are kept; or

(ii) any part of the programme used to record, store, retrieve or display information on a computer or other electronic system on which a user’s records are kept,

commits an offence and is liable on conviction to a fine or to imprisonment for a period not exceeding one year or to both a fine and such imprisonment.

[8]  “Protection of health records:

(1) The person in charge of a health establishment in possession of a user’s health records must set up control measures to prevent unauthorised access to those records and to the storage facility in which, or system by which, records are kept.

[9] Tshabalala-Msimang and Another v Makhanya and Others 2008 (6) SA 102 (W).

[10] Paragraph [27] at 114B – E.

[11] Paragraph [30] at 115E – G.