SINGAPORE: In a recent case that stirred conversations about professional obligations and confidentiality, Singapore’s High Court ruled on whether accessing confidential workplace information without authorization could be justified to expose perceived unfair practices. This complex case delves into the delicate balance between an employee’s duty to investigate potential misconduct and their obligation to maintain confidentiality professionally.
The worker’s dilemma — Investigating safety concerns
According to a recent article published by HRD Asia, a healthcare worker employed by Singapore Health Services, the country’s largest public healthcare provider, argued that accessing confidential patient records without permission was essential for documenting and addressing potential safety issues in his workplace. According to the worker, his employer had failed to follow appropriate termination procedures, and he was denied the opportunity to defend himself. To further his claims, he accessed sensitive information, citing concerns about fairness and workplace safety.
The case raised questions about when an employee’s actions, driven by good intentions, may cross professional boundaries.
Should the desire to investigate misconduct justify breaching confidentiality, or should employees follow more formal channels to address such concerns?
Confidentiality and professional ethics — The weight of responsibility
The worker’s actions were scrutinised when it was revealed that he had accessed patient records without proper authorization on more than 100 occasions. While the worker admitted to breaching confidentiality, he maintained that his motives were to uncover unfair treatment and protect patients. Accessing unauthorized patient records brought attention to the ethical boundaries set by the Singapore Medical Council’s Ethical Code and Guidelines, which unequivocally prohibit doctors from accessing confidential patient information if they are not directly involved in the patient’s care.
The employer’s investigation revealed that the worker had accessed the records of over 70 patients, many of whom had no relation to his department. This breach, which occurred despite direct counselling from his superiors to stop, raised serious concerns about the limits of professional responsibility and the appropriate channels for raising such safety concerns.
Workplace safety vs. company policy
From the employer’s perspective, the breach of confidentiality was a clear violation of workplace rules. The healthcare institution had strict policies to prevent unauthorized access to confidential information, which were outlined in the worker’s employment contract. Clause 39.2 of the agreement expressly prohibited accessing unauthorized information, with data breaches being grounds for immediate dismissal. The court also referenced the organization’s disciplinary policies, which stipulated that such breaches were harmful to patient trust and could result in severe consequences for the employees involved.
Despite the worker’s claim that he had acted in the best interest of the patients, the employer’s investigation determined that the worker’s actions were not justified. The worker’s colleague, whom he accused of mishandling patient care, was found to have received additional training due to the workplace restrictions imposed during the COVID-19 pandemic—not favouritism, as the worker had alleged. The investigation revealed that multiple committees had examined the worker’s complaints and breaches, offering him a chance to defend his position at each stage.
The court’s final verdict — Upholding confidentiality
Ultimately, the court dismissed the worker’s claims of wrongful termination and negligence, underscoring the importance of confidentiality in healthcare settings. While the court acknowledged that patient safety concerns should always be taken seriously, it emphasized that employees should follow the proper channels for reporting such issues rather than resorting to unauthorized investigations.
The judgment reinforced that rules of natural justice do not necessarily apply in private contracts, such as employment agreements, unless explicitly stated otherwise. In this case, the court concluded that patient safety concerns should be reported to the relevant authorities, not investigated by employees. Breaching confidentiality for a personal investigation was deemed inappropriate, no matter the employee’s intent.
This case reminds us that while workplace misconduct must be addressed, maintaining the integrity of professional standards and safeguarding confidentiality are paramount. Employees must navigate these complexities carefully, balancing their duty to investigate misconduct with their responsibility to protect confidential information and follow appropriate channels for raising concerns.