The Canadian Privacy Law Blog: Developments in privacy law and writings of a Canadian privacy lawyer, containing information related to the Personal Information Protection and Electronic Documents Act (aka PIPEDA) and other Canadian and international laws.
The author of this blog, David T.S. Fraser, is a Canadian privacy lawyer who practices with the firm of McInnes Cooper. He is the author of the Physicians' Privacy Manual. He has a national and international practice advising corporations and individuals on matters related to Canadian privacy laws.
For full contact information and a brief bio, please see David's profile.
The views expressed herein are solely the author's and should not be attributed to his employer or clients. Any postings on legal issues are provided as a public service, and do not constitute solicitation or provision of legal advice. The author makes no claims, promises or guarantees about the accuracy, completeness, or adequacy of the information contained herein or linked to. Nothing herein should be used as a substitute for the advice of competent counsel.
This web site is presented for informational purposes only. These materials do not constitute legal advice and do not create a solicitor-client relationship between you and David T.S. Fraser. If you are seeking specific advice related to Canadian privacy law or PIPEDA, contact the author, David T.S. Fraser.
Thursday, July 14, 2005
According to the Kansas City Star (registration required), a plastic surgeon is at the centre of a class action lawsuit because he is alleged to have taken home an office computer and to have left it at the curb with his garbage without securely removing patient information. The claim is for negligence, invasion of privacy and breach of fiduciary duty: Kansas City Star | 07/14/2005 | Patients sue doctor over old computer.
I just googled the name of the surgeon and came upon the following:
Medical Newswire - Healthcare, Biotechnology News Release Service
Erase PHI Before You Discard Old Hard Drives
"KANSAS CITY, KS (HIPAA Wire) You must strip all data from your computer's hard drive before you throw it in the scrap pile -- or risk exposing patients' PHI.
That's the lesson Daniel Bortnick, a Kansas City plastic surgeon, learned after patients' before-and-after photos and other PHI were found on a computer the surgeon had deposited in his curbside trash.
Robert Dickerson discovered the information and voluntarily gave the computer and its contents to KCTV. The news station then began contacting patients -- who turned to the surgeon's employer, Monarch Plastic Surgery Group, for answers.
Monarch requested and was granted a restraining order that forbids KCTV from "using, publishing, disseminating, broadcasting, distributing, or disclosing" the PHI found on the computer. But KCTV isn't giving up its fight to expose the surgeon's lax privacy and security policies.
"We either have to violate the order, we've got to  the story in a way that doesn't violate it, or we have to say, 'We've got an important story to tell you that the courts won't let us yet. Stay tuned,'" the station's lawyer Bernard Rhodes told the Kansas City Star. Rhodes is taking the case to the Kansas Supreme Court for resolution.
Bottom Line: Protect both your organization's reputation and your patients' PHI by double checking that all data stored on your computer is destroyed -- before you send your hard drives to the trash pile."
The Canadian Privacy Law Blog is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 2.5 Canada License.