Singapore court examines employer duties when additional misconduct surfaces during discipline review
Singapore's High Court recently dealt with a significant employment law case involving a worker's dismissal following unauthorised access to confidential records.
The worker challenged his termination, arguing that his employer failed to provide adequate due process when additional evidence emerged during disciplinary proceedings.
The worker's main argument centred on procedural fairness - specifically, that his employer should have given him an opportunity to respond to new evidence discovered after formal disciplinary processes had begun.
He argued that discovering additional misconduct during the review process triggered fresh obligations to provide due process, including either convening a new investigation or allowing him to address the additional findings directly.
Initial workplace complaints trigger investigations
The worker was employed as a consultant neurosurgeon at a major healthcare provider and worked at the National Neuroscience Institute (NNI).
The controversy began in September 2020 when he raised complaints about a colleague, alleging that the doctor had been attending to patients at subspecialty clinics in breach of hospital rules against associate consultants managing patients alone at complex surgery cases.
These complaints led to investigations that ultimately found no basis for disciplinary action against the colleague.
Between November 2020 and February 2021, the worker escalated his concerns by sending emails to the group chief executive officer and others.
He alleged that various persons in the neurosurgery department were involved in a conspiracy to allow his colleague to practise on complex neurosurgical cases.
An independent committee of inquiry was convened to investigate these allegations, which concluded there was no professional misconduct.
The situation intensified in June 2021 when two doctors performed surgery on a patient who subsequently died.
The worker sent an email alleging gross negligence and recklessness by the doctors involved.
During the investigation that followed, it emerged through a whistleblower's report that the worker had been accessing medical records of patients not under his care.
Committee inquiry reveals unauthorised access patterns
A dedicated committee of inquiry was established in October 2021 specifically to investigate the worker's conduct.
The committee was tasked "to look into the data breach admitted to by [the worker] to allow for a full investigation to be mounted and to grant [the worker] with the proper due process to respond to the investigation findings." The committee also aimed to determine whether there was a pattern of unauthorised access and if there was malicious intent.
The worker admitted during his interview that he had accessed patient records "despite not being part of his care team, on the basis of a self-declared responsibility to police and investigate patient safety issues" in the neurosurgery department.
During proceedings, he admitted to committing "a pattern of unauthorised access to the case notes and records of patients that were not directly under his care" and to "soliciting for information on patients that were not directly under his care with the intention of finding fault with his colleagues."
The committee's investigation revealed the worker had accessed records of 42 patients on 65 occasions. Despite these admissions, the committee recommended only a formal warning rather than dismissal, considering there were mitigating factors and that he lacked malicious intent.
A formal warning is defined as "a documented session during which the employee would be formally advised and cautioned about his misconduct or unsatisfactory behaviour, areas of improvement and the possible consequences failing such improvement."
Additional evidence emerges during disciplinary review
Under the healthcare provider's policies, cases involving data breaches must be escalated to the disciplinary council, which has the authority to vary disciplinary recommendations.
The council held two meetings in January and March 2022 to review the matter. At the first meeting, several members indicated they were inclined to dismiss the worker despite the committee's lenient recommendation.
The group chief executive officer requested a comprehensive audit of the worker's electronic medical records access logs in early January 2022.
This NNI Data Audit was conducted while the disciplinary council was deliberating the appropriate disciplinary action. At the council's second meeting in March, members considered the results of this audit, which revealed that the worker had accessed records of 36 additional patients from the NNI and 38 patients from another department.
The council ultimately recommended dismissal, citing the worker's "data breach and blatant disregard for patient confidentiality and rules on data security."
The council did not share the audit findings with the worker or provide him an opportunity to respond before making their recommendation. The worker was dismissed in March 2022 and subsequently filed a legal claim for wrongful dismissal.
Worker argues for expanded due process rights
The worker's legal challenge centred specifically on the healthcare provider's failure to provide him with an opportunity to respond to the additional audit results.
He argued that the audit constituted an investigation falling within the scope of the Committee of Inquiry (COI) Policy, which stated that an employee "shall be granted due process and opportunity to explain himself in disciplinary proceedings."
The worker pleaded that his employer "had failed to provide [the worker] with the evidence against him gathered during the [data audit] and hence failed to provide [the worker] the opportunity to respond to the evidence gathered against him, in breach of Paragraph 2.2 of the COI Policy Document."
His legal team argued that fairness required either convening a separate committee to investigate the additional data breaches or providing him with the audit results and allowing him to respond.
The worker accepted the original committee's findings but maintained that procedural fairness demanded notice and response opportunities for any additional evidence used against him.
His case highlighted tensions between efficient disciplinary procedures and comprehensive due process rights in employment contexts.
Employer defends existing procedural framework adequacy
The healthcare provider argued that no additional committee or process was required for the audit results.
The employer maintained that the worker had already received adequate due process through the original committee investigation, where he had admitted to unauthorised access that justified dismissal under his employment contract.
The employer's legal team argued that the audit served merely a confirmatory purpose.
They explained that the data audit "merely served a confirmatory purpose, and that prior to the [disciplinary council] having had sight of the [data audit], three members of the [council] had already expressed the view that [the worker] ought to be dismissed."
They suggested the audit was examined only to assist in determining appropriate disciplinary action.
Under clause 39.2 of the employment contract, the worker was prohibited from accessing confidential information he was not authorised to access, including patient data.
Clause 39.5 provided that a breach "will be grounds for dismissal or other disciplinary action." The employer argued these existing admissions provided sufficient grounds for dismissal regardless of the additional audit findings.
Court clarifies contractual due process boundaries
The High Court examined the contractual framework governing disciplinary procedures.
The judges found that due process obligations under the policies were confined to specific disciplinary proceedings and that "the scope of a disciplinary proceeding must be the alleged act(s) of misconduct that a COI, as the investigatory body, is empanelled to investigate."
The court distinguished between the roles of investigative committees and the disciplinary council.
The judges noted that the committee's role involved fact-finding and investigation, while "the [disciplinary council's] role is to review the COI's recommendations only as to the appropriate disciplinary sanction based on the COI's findings and conclusions, which it may endorse, amend or add to. It is not to review or re-hear the findings of the [committee] in respect of the alleged act of misconduct."
The court concluded that "para 2.2 of the COI Policy does not impose an obligation on [the employer] to convene a COI as regards other allegations of misconduct, such as the findings of other purported data breaches in the [data audit]."
The appeal was dismissed with costs fixed at $30,000, with the court ruling that the healthcare provider had fulfilled its contractual obligations regarding disciplinary procedures.
The judgment established that employers are not required to provide additional due process opportunities for evidence discovered after formal disciplinary investigations have concluded, provided the original investigation followed proper procedures.
