medcomply.ai
Intel
The HIPAA Security Rule — A Complete Guide for 2026 · Security RuleUnderstanding the HIPAA Breach Notification Rule · Data BreachHIPAA breach notification overview · Data BreachHow to respond to a HIPAA breach · Data BreachHIPAA compliance checklist for covered entities · AnalysisOCR audit preparation checklist and evidence map · OCR EnforcementPatient rights under HIPAA: practical guide · Rule UpdateHIPAA staff training requirements and cadence · AnalysisHIPAA for SaaS and technology vendors · SaaS & TechnologyHIPAA Security Rule overview for compliance teams · Security RuleWhat is a Business Associate Agreement (BAA)? · BAAWhat counts as PHI under HIPAA? · Privacy RuleThe HIPAA Security Rule — A Complete Guide for 2026 · Security RuleUnderstanding the HIPAA Breach Notification Rule · Data BreachHIPAA breach notification overview · Data BreachHow to respond to a HIPAA breach · Data BreachHIPAA compliance checklist for covered entities · AnalysisOCR audit preparation checklist and evidence map · OCR EnforcementPatient rights under HIPAA: practical guide · Rule UpdateHIPAA staff training requirements and cadence · AnalysisHIPAA for SaaS and technology vendors · SaaS & TechnologyHIPAA Security Rule overview for compliance teams · Security RuleWhat is a Business Associate Agreement (BAA)? · BAAWhat counts as PHI under HIPAA? · Privacy Rule

I saw a coworker looking at patient records they shouldn't be

This is an internal HIPAA violation. You have an obligation to report it.

  1. 1

    Do not confront the coworker directly

    This is not your job. Confronting them could create workplace conflict and may compromise any investigation.

  2. 2

    Report it to your privacy officer or manager

    Tell your supervisor or privacy officer what you saw, when it happened, and which patient records were involved if you know. You are protected from retaliation for reporting.

  3. 3

    Write down what you saw while it's fresh

    Note the date, time, what you observed, and any details. Your manager will need this for any investigation.

  4. 4

    Let your privacy officer handle the rest

    They will investigate, determine whether a breach occurred, and decide on appropriate disciplinary action and next steps.

Important

HIPAA prohibits retaliation against employees who report violations in good faith. If you experience retaliation, document it and contact HHS.

Related

Ask AI about this situation →

Not legal advice. Follow your organization's policies and consult counsel for legal questions.