Corporate Law PHI violation for CMS?

[Skylude]

PHI violation for CMS?

I worked for CSC and General Dynamics they are share data on a flash drive of computer code and other information regarding the new IT RFP for CMS. The new RFP require CSC and General Dynamics to redo all of CMS IT software.

However, the data is being place on none CMS computer, on personal flash drive, and documentation. I current have four flash drives of data and documentation.

People at the site did not encrypt the data and the documents are being place in the no secure trash bin. There are people with laptops which have the code and documentation on it too (these are not CMS Laptops).

Is this a violation? How do I report it to the CMS? I reported it to CSC and General Dynamics and was fired. What should I do to ensure someone is investigating this issue? The new IT system will affect billion of people.

 

[Michael Wechsler]

Do you mean PHI = Public Health Information? Does CMS = Centers for Medicare/Medicaid Services?

So I assume you have two concerns: Do the right thing; Get your job back or be compensated for doing the right thing.

My answer would be the same for both questions - If you were fired for reporting the information properly as was your job, you may want to discuss this with an employment law attorney. The attorney will be able to tell you whether or not your rights were violated, perhaps as a whistleblower too. The employment lawyer will also be able to handle the matter of making sure sensitive data isn't lost and recovered by the wrong hands and nothing will implicate you personally for the handling of that first matter that concerns you -- doing the right thing.