This is on a burner account for obvious reasons as I don’t want to get fired. The company I work for is based in SC, but they have support teams all over the 50 states. This is important.
My company is in the business of Pharmacy software & pharmacy software products. Which our support team has access to HIPAA when working with stores.
Recently, they have decided to create an offshore team of about 20-80 people. It’s obvious what they are doing which is replacing us.
My question is, I know some states & CMS have laws stating that people offshore cannot see Medicaid or Medicare’s account & claims information. They are asking us to train this team 2-6 people at a time via teams so they can see how everything works in our system. No guardrails. No special roles eliminating those claims, etc.
How do you go about reporting this? Who do you report this too? Of course, we have reported it to our boss and the training director but nothing happens.
Any advice or direction we can take to preserve some sense of privacy?