A fine of up to $100,000 and five years in jail is possible for violations involving false pretenses, and a fine of up to $250,000 and up to 10 years in jail is possible when HIPAA Rules have been violated for malicious reasons or for personal gain. This was supposed to be a stand-alone comment. That doesnt seem to be you, which is a great sign. Also, legally email addresses themselves dont typically count as 'personal information' as they are contact addresses and are treated in similar ways to phone numbers legally, as opposed to, say, identifying information like full name, DOB and home address all in one document. 1964 is what I remember. Your tone is very this wasnt a big deal and I shouldnt have been fired for it, when it really should be I made a foolish mistake which I deeply regret and Ive definitely learned my lesson. And it could be part of the reason why the story was a bit incoherent, too she went from sort of uncomfortable to really, really uncomfortable. The misrepresentation of what happened is my concern. And even now you sound defensive. Im sure the OP will find a new job. This seems unnecessarily condescending, and I dont think the LW sounds defensive here at all. This was a person whose reviews had been glowing up until that moment and I am sure they are still upset that this came out of the blue. Its good to hear from you! I am not falling on the sword or putting my job on the line for a coworker. The OP actually committed a fairly serious breach. Maybe thats the case in your field, but usually confidential doesnt mean that. My 2cents, LW if something was so exciting you couldnt keep it in, you were in the wrong field. Quite recently, a client of my firm contacted us to say they had heard staff in a bar gossiping about another client. Its completely understandable that you were upset about it when you wrote in (and upset about it now). Period. There wasnt any risk, my judgment was good!. Every bit of what Ive said is probably hearsay. This is so true. Some of the stuff I handle is really interesting logistically and historically but I just do not have the right to get carried away and share it. But Im a journalist whos covered federal agencies, so I know super exciting to agency employees does not necessarily equal huge news for everyone else. It can depend on what mechanisms are in place to protect the content of the email, who is sending the email, who it is being sent to, the content of the email, and whether the subject of the HIPAA information has provided their written authorization for unsecured PHI to be . Challenge them directly and be sure that when they say it's okay to start at 9.30am, make sure they actually mean it, or don't do it. I tell my team that if it leaks from us, they cannot work here. Maybe you let them know more then they should even without meaning too? It also wasnt illegal to share it, because it was about a program or something that has now publicly been announced, so this doesnt even fall under the criminal aspect brought up in the original comment. its not condescending to point out that what LW did was incredibly foolish. And not even trusting her not to publish it, but what if SHE got so excited by the news, just as LW did, that she just had to tell someone, and she picked someone that she trusted implicitly, and told them in strict confidence. Embargoes and off-the-record information are for journalists who are actually covering a story and in most cases that information can be shared in the newsroom (by saying a source told me off record if confidentiality is really important) and acted upon (you can start to write out a story to be ready when the embargo lifts, or call work to corroborate the off-the-record with on background or on record sources). But that was the right response to what you did. I have a friend whose mother did work for an intelligence agency during WW2. Good points, and good advice for anyone whos apologizing for anything. I have news from my job that I cannot share with some coworkers. And Im pointing out that it wasnt a record at all. Draft your UI forms and pre-write your objection to his unemployment on the grounds of "good cause" firing for willful misconduct- Then after all that you can fire him. Im still pretty upset that I had no second chance, but I suppose I just lost their trust.. I dont think your coworker ratted you out. Same here! Thats the real clincher here for me) and on a personal level with management your position is one of trust and you violated the basis of your work. It still sucks, but its not really personal per se, and perhaps it will help a little bit to think of it that way. There are no legal ramifications or civil lawsuits at this stage as it wasn't trade secrets or secret IP. Really? You are almost certainly an at-will employee so you can be discharged at anytime and for any reason or even no reason at all. The issue of whether HIPAA information can be emailed is complicated. While the 911 caller believes criminal charges are appropriate, that is a matter for the district attorney to decide. But you should try to understand how this happened (why that friend? LW, I work under some pretty hefty NDAs (currently, Im working on a project where the security protocols themselves are considered to be non-shareable with anyone who doesnt have a business need for them and hasnt also signed an NDA. Even if this person had not turned her in, there was this bomb just sitting there waiting to go off. That the information eventually became public is not in any way relevant. If you embezzle from the company and tell a coworker who then reports it, the mistake is embezzlement, not telling a coworker about it. OP if I was part of an interview for you, and you brought up this situation the way its phrased here, Im sorry to say it would be an immediate pass. Learn how to protect your investment management firm through intelligent email DLP. You would never want someone to find out from the news media that they no longer have a job, for example. You technically did something, your friend happened to be a journalist, victimless mistake, and so on. Basically, I was fired for X mistake. What am I doing wrong here in the PlotLegends specification? Employees also. Lack of the maturity to keep exciting news to onesself. Yeah, one of my former coworkers, who was allegedly fired from our company for bringing a gun to work, found another job a couple months later in our same industry. A member of the public wants some data, they contact anybody in the agency they can think of, the internal employees bounce it around because somehow they dont know who to send data requests to, and finally it gets to us and we respond. 2. And even worse when it can have legal implications like for insider trading or government secrecy. So you let the cat out of the bag about the cat your zoo bagged? You just seem to still want an answer and I picked up on this as a possible avenue to reflect on in your letter. I was fired over the phone. Really? OP, there is another thing to keep in mind. Changing how you feel (as opposed to what you say or do or think) is not something you need to do to solve the problem. And maybe they can, and maybe that chain will end with someone who doesnt forward the info on, or peter out once the information does become public in this case. Protect your people from socially engineered phishing attacks, Defend against attacks originating from compromised supply chain accounts, Detect fraudulent invoices and payment requests, Prevent people falling victim to targeted impersonation attacks, Defend against the delivery of ransomware and malware by email, Stop phishing attacks that lead to credential theft, Prevent email data loss caused by human error, Block exfiltration of personal and company data, Preserve ethical walls to prevent disclosure of information and avoid conflicts of interest, Apply the appropriate level of encryption to sensitive emails and attachments, Detect and prevent advanced email threats that slip through Microsoft 365, Provide people with easy, actionable advice in real-time at the point of risk, How to use a hacker's toolkit against them. I think youd be in trouble for sharing that kind of information over the phone, regardless of who he was talking to. (Or maybe the coworker did fabricate it, but I feel like thats a massive assumption itself. It shouldnt happen but Id understand if it did. And I did use Slack on my work computer, and I did interact professionally with some journalists who covered my area over Slack. The HIPAA Rules require all accidental HIPAA violations, security incidents, and breaches of unsecured PHI to be reported to the covered entity within 60 days of discovery - although the covered entity should be notified as soon as possible and notification should not be unnecessarily delayed. Yes, this. If asked specifially try to describe in detail what happened and what you learned from it, for example: ask if the new employer has clear guidelines on data handling. She already got that advice from Alison. Resist the temptation to gossip about fellow employees and don't express your disdain for your. We can think things without saying them out loud. My guess is thats where some of the defensiveness in the initial letter comes from that no one would have known if not for the self-report. She did her job. Only behaviors are right or wrong. I went to a church where I attended youth group, sat outside, and repeated my news over and over to Jesus for about three hours before I felt certain I could keep it from anyone else (note that no one else was anywhere nearby). (Im not from the US, and not in government) If I were in OPs place, I would also be upset and feel betrayed. People dont talk about it very much but it definitely happens. And especially in the field youre in, leaks are a big deal, and ESPECIALLY leaks to a member of the press. I dont even share work release information (good or bad) early with my spouse. This is to prevent LW from trying to destroy any evidence. It goes through a game of telephone and the person at the end of the line gets mad that the first person would say such a thing. This is a tough lesson to learn. Clearly yall do not understand handling confidential information. And there was no social media then, so 100+++ times that now. Im also miffed by the fact that the coworker kinda blind sided OP. For the other 2 questions, I would simply urge you to remove the phrase ratted out from your professional vocabulary. You can never rely on people to be 100% trustworthy, no matter how long youve known them. I think thats misunderstanding the severity of why what OP did was not ok. Theres any number of non-confidential matters that are embargoed prior to their public announcement. Im not curious at all, but Im different. Coworker did nothing wrong and isnt untrustworthy but OP erroneously decided to trust her which is key. Yeah, I agree. This issue recently came up for me as an interviewer. reading. (And thats before you tack on that LW thought it wasnt SO bad because he told Journalist Jason, who can keep a secret, as opposed to Reporter Robert, whos a real sieve.). I just wasn't thinking at the moment I sent the information. While most organisations take measures to prevent and protect against external cyber-attacks, many don't protect themselves against accidental leaks by their internal staff. Maybe she had to report it for her job (as some people are speculating) but even still, its okay to be annoyed at someone even if its not 100% logical. I encourage you to get involved with PRSA. Don't use . 2 July 2018 at 9:11PM. I reminded him that anything sent in our work email is subject to FOIA and not really completely private from our employer, so if he was going to continue to work against the plan, use personal email. Im also not going to tell anyone else! I think people beat themselves up enough internally without us having to do it for them most of the time. Ive had to fire someone in a one-strike situation for what I genuinely believe was an honest mistake because it was too big a risk to keep that person on staff going forward. Its too difficult to know which internally-discussed information is confidential and which isnt. The amount that LW trusted that friend is a small fraction of how much the government trusted LW. But the judge's response to the request for a. So, the implication is actually the opposite of giving your feelings 100% credence its saying, separate how you feel from what you do. What you did was misconduct. Yeah the world just being what it is, if youre this bad at keeping secrets, youre gonna get burned by it pretty quick. But despite how liberal weve gotten with sharing information, you really do have to be very strict about upholding confidentiality policies without making any exceptions. Are you being GDPR compliant in your marketing? If you lean over a cubicle and whisper I broke the rule! So while the OP can feel what the OP feels, the sooner she can get rid of any hostile feelings about the coworker, the better it will be for the OP. Dont disagree feelings arent wrong but the way we think about them often is. Ethically, you dont have to do anything. I get so exasperated with TV shows where a SO throws a tantrum about a cop/government worker not being able to tell them stuff, and turns it into a trust issue. In such cases, the employee should be given the benefit of the doubt. The Census Bureau does NOT play with that sort of thing, and you would indeed be given the boot as soon as the breach was uncovered. I totally get how it can be really exciting to hear about cool things, and the impulse to tell the people close to you. Regardless of what the coworker did, ideally we want to nudge OP toward exercising greater impulse control and discretion if OP wants to have a successful career in the same sector/field. Its what you do with what you learn that is important. Hard disagree. If anyone required training to answer FALSE! The obligation to report a security breach doesnt include warning the violator. Everything from whats going to be on sale for Black Friday, to customer financial data. She IS a rat! Maybe a different (and appropriately mortified) approach from the OP in those meetings would of had a different result or maybe not! but the approach in the letter definitely would have convinced me to let her go if I was on the fence. You did a dumb, impulsive thing and when you took time to consider it, you did the right thing. Yes. But, bald facts, they told you not to do the thing you turned around and did. And that is a hard pill to swallow, for sure. The Smurfs have a secret colony in the woods of Maine!. Recurring theme here is that tattling isnt a thing at work. She just needs to learn discretion. When youre put in a position of trust like that and then abuse that trust, you really leave the organization with no other option but to let you go, even if it is your first offense. Am I missing something? i think we often send the message (societally) that making someone feel bad is a mean thing to do; its not. I will never not believe the publisher did that intentionally and threw him under the bus. Thats the one that needs to learn to keep things to herself? January 31, 2022 . In some cases, those policies . Replying to the sender is a good thing to do for a couple of reasons. I accidentally sent the email about the female coworker to this other female coworker. Only hope going forward is own up flatly and without defensiveness . Just keep it to yourself or youll get fired. And thatsnot great? If you own your mistake, meditate on it, learn from it, and learn to tell the story of how you learned from it, then you might be able to get another job in the communications industry working for a company that does not handle sensitive client data, or in another industry where there are no potential confidentiality issues with your job. (For the record, I always told people I was interviewing as a source that there was no such thing as off the record with me its not a requirement of our field, theres no law saying we have to follow that request if asked, so if the subject didnt want me to print something, they shouldnt tell me. If a member of your staff violates this explicit. Browse other questions tagged, Start here for a quick overview of the site, Detailed answers to any questions you might have, Discuss the workings and policies of this site. You believe your friend is trustworthy but, wow, the optics of sharing with a friend who is a journalist are really bad, and . If you cant keep your mouth shut then you need a new line of work. Email violations can jeopardize your job. Is it possible to rotate a window 90 degrees if it has the same length and width? "I made a dumb mistake and misjudged the sensitivity of some data" is both more accurate and less severe. Also, if your mentor went through the trouble of having a conversation with you about your duties and seemed concerned, I doubt she was out to get you she probably felt it was her duty and to her best interest to report now that you have made her an accomplice-after-the-fact in any potential breach (say, your friend was the one out to get you and it leaked before your department had any plans for dealing with a leak, this mentor would also be in trouble for not reporting it as soon as she knew if they found out she did), OP I want to comment on one aspect that I didnt see anyone mentioning directly. In addition to 100% needing to own it when asked about it, I think OP may also benefit from focusing the job search on jobs that dont involve handling sensitive or high profile information. Well 1.) You can bet Id be gone with no second chance despite my almost-20-years and ton of good work. i don't like texting my boyfriend, matthew reed obituary,