Protected Health Information / Police
Still Need Coffee
507 Posts
Question for those of you out there whose businesses deal with protected health information (PHI / IIHI).
If you had a situation where there may have been a breach of PHI, would you notify the police? My research shows that most of the time the police aren't notified unless an actual identity theft happens, not just when the information goes outside your organization.
Thoughts? I know I'm being cryptic, but I'm sure you can understand why
If you had a situation where there may have been a breach of PHI, would you notify the police? My research shows that most of the time the police aren't notified unless an actual identity theft happens, not just when the information goes outside your organization.
Thoughts? I know I'm being cryptic, but I'm sure you can understand why
Comments
We're drafting a remediation plan for the breach, and someone tossed out the police idea.
My thought is that unless there was actual criminal activity (namely, identity theft, stolen laptop, etc), police shouldn't be contacted. Instead, the affected parties should be given info on contacting the credit bureaus, and if they suspect fraud, to alert the authorities.
If it were me I think you have an obligation to those individuals to report it.
I'll keep you posted.
I think I would report it to the police. Reasoning - we have a policy concerning proprietary information and unauthorized dissemination thereof. Company files would fall under this policy. By e-mailing them to herself, she has stolen proprietary info.