throwaway12453
New member
I'm in a serious situation where I discovered early on in my time at a medical research lab that my employers are storing their patient information (life events, phone numbers, names, DICOMs) through unsecure means (like Dropbox, but also through a variety of other methods), which is 100% not approved by the institution and I'm positive this is not HIPAA safe. I brought this to my PI's attention and she was completely dismissive of the problem. She said it's not something to worry about even though I told her I spoke with the privacy department at our institution and they confirmed if we were doing the exact things we are doing then we are in violation of HIPAA. It's not even a question of if I misunderstood something. This violation is obvious and at a massive scale. What I want to know is: What is the most likely scenario if I report them? Will I face ramifications in any way if I'm the one reporting? I'm a pretty low-level staff member at the lab.
State: CA