HIPAA, IT and Emails
We are a relatively small, family-owned company. Our IT Manager takes it upon himself to read everyone's emails. His stand to the owners is that he worked for a local hospital and had access to all medical records, SSN, etc., so it is the same thing here. However, now he works with these individuals. He reads people's emails, and many of them are correspondence between HR, Workers' Comp claims, individuals regarding benefit questions, etc. I know this is unethical, but I need to be able to present it to the owners that what he is doing is wrong and has HIPAA violation implications. I know the emails are the company's property, but unless directed by an owner to check an email because of suspicion of policy violation, he should not be able to read anything. Any specific rules/laws that I can reference would be greatly appreciated.