Privacy breaches in healthcare are often discussed in terms of hacked databases or lost records. In May 2026, however, an Ontario Superior Court decision illustrated a different risk: recording patients inside clinical spaces without meaningful consent.
The Ontario Superior Court issued a major class action judgment arising from surveillance practices at a Toronto cosmetic surgery clinic operated by Dr. Martin Jugenburg, widely known online as “Dr. 6ix.” The Court awarded approximately $22.5 million to a class of roughly 7,000 patients and concluded that the clinic’s surveillance practices violated patient privacy and professional obligations.
For dentists, this decision is not merely about plastic surgery. It is a reminder that privacy, consent, and dignity remain foundational obligations in every healthcare environment.
The Facts
The evidence accepted by the Court showed that the clinic operated a network of 24 surveillance cameras over an extended period between 2017 and 2018. Cameras captured activity in locations including consultation areas, operating spaces, and recovery environments—places where patients disclosed sensitive information, removed clothing, underwent treatment, and interacted privately with healthcare staff and family members. Video feeds were reportedly accessible on Dr. 6ix’s personal devices. The Court found there was little to no effective notice and no valid consent process connected to this surveillance system. Importantly, this was not framed as a dispute about security cameras at entrances or reception desks. The central issue was recording patients in areas where privacy expectations are at their highest.
The Legal Framework: Why Consent Failed
For dentists in Ontario, two legal concepts are especially important.
First, under the Health Care Consent Act, 1996 (Ontario), consent must generally be informed, relate to the proposed activity, and be given voluntarily. Patients must understand the nature and purpose of what they are agreeing to.
Second, the Personal Health Information Protection Act, 2004 (PHIPA) regulates the collection, use, and disclosure of personal health information. PHIPA requires that healthcare organizations collect only what is reasonably necessary and that patients be informed about how their information is being handled.
The Court’s findings, together with earlier regulatory investigations, reflected multiple failures in those principles. Patients were not meaningfully told they were being recorded, had no practical opportunity to refuse, and were recorded in contexts unrelated to treatment delivery. Investigators had previously criticized surveillance in spaces where patients might be partially clothed, undressed, or otherwise vulnerable.
Consent in healthcare is not satisfied because a patient enters a building, signs intake paperwork, or assumes cameras exist somewhere on the premises. Healthcare consent must be specific enough for the patient to understand what is occurring.
The Decision
Justice Schabas found liability on several grounds. The Court concluded that operating surveillance cameras in these clinical areas constituted:
- negligence;
- breach of fiduciary duty; and
- the privacy tort known as intrusion upon seclusion.
The fiduciary analysis is particularly relevant to dentistry. Healthcare professionals occupy positions of trust. Patients disclose personal information, submit to examinations, and often remove clothing or become physically vulnerable because they rely on clinicians to act in their interests. The Court rejected explanations that the surveillance system existed primarily for general security purposes and found that the conduct was inconsistent with those professional obligations.
Why Were the Damages So High?
The damages reflected both scale and seriousness.
The Court awarded approximately $21.5 million in aggregate damages for the invasion of privacy itself. The calculation was structured using estimated patient groups: approximately 4,000 surgical patients at $5,000 each and approximately 3,000 non-surgical patients at $500 each. The distinction appears tied to differing levels of privacy intrusion and patient vulnerability across treatment contexts.
An additional $1 million in punitive damages was awarded. Punitive damages are not intended to compensate patients directly for losses. Their purpose is deterrence and denunciation—communicating that conduct involving deliberate disregard for patient privacy warrants condemnation beyond ordinary compensation.
Lessons for Dentists
This case offers several practical lessons for dental practices:
- No recording in treatment or changing areas without a compelling, lawful purpose. Operatories, consultation rooms, sedation areas, and spaces where patients change clothing carry heightened privacy expectations.
- Consent must be explicit and meaningful. Signage alone is rarely enough when recording extends beyond ordinary security monitoring.
- Collect only what is necessary. If video is not required for patient care, regulatory compliance, or documented safety reasons, reconsider whether it should exist at all.
- Separate marketing from care. Images or recordings obtained during treatment should never be used in promotional materials without explicit, informed authorization.
- Audit technology regularly. Cloud cameras, mobile access, remote viewing, and retention settings create risks even when installed with good intentions.
Dentists are not simply custodians of teeth—they are custodians of patient trust. This case shows how quickly that trust can become the centre of litigation when privacy practices drift beyond clinical necessity.
