According to the Kansas City Star (registration required), a plastic surgeon is at the centre of a class action lawsuit because he is alleged to have taken home an office computer and to have left it at the curb with his garbage without securely removing patient information. The claim is for negligence, invasion of privacy and breach of fiduciary duty: Kansas City Star | 07/14/2005 | Patients sue doctor over old computer.
I just googled the name of the surgeon and came upon the following:
Medical Newswire - Healthcare, Biotechnology News Release Service
Erase PHI Before You Discard Old Hard Drives
"KANSAS CITY, KS (HIPAA Wire) You must strip all data from your computer's hard drive before you throw it in the scrap pile -- or risk exposing patients' PHI.
That's the lesson Daniel Bortnick, a Kansas City plastic surgeon, learned after patients' before-and-after photos and other PHI were found on a computer the surgeon had deposited in his curbside trash.
Robert Dickerson discovered the information and voluntarily gave the computer and its contents to KCTV. The news station then began contacting patients -- who turned to the surgeon's employer, Monarch Plastic Surgery Group, for answers.
Monarch requested and was granted a restraining order that forbids KCTV from "using, publishing, disseminating, broadcasting, distributing, or disclosing" the PHI found on the computer. But KCTV isn't giving up its fight to expose the surgeon's lax privacy and security policies.
"We either have to violate the order, we've got to  the story in a way that doesn't violate it, or we have to say, 'We've got an important story to tell you that the courts won't let us yet. Stay tuned,'" the station's lawyer Bernard Rhodes told the Kansas City Star. Rhodes is taking the case to the Kansas Supreme Court for resolution.
Bottom Line: Protect both your organization's reputation and your patients' PHI by double checking that all data stored on your computer is destroyed -- before you send your hard drives to the trash pile."