Q: Am I allowed to work with public health information for a US company while overseas in Brazil?
I'm in public health and specifically deal with public health information (PHI) of clients while working remotely in Brazil. However, I was told by my employer that i cannot be overseas while working with this company because i deal with public health information. I'm kindly asking, if the employer knows that im overseas and decides to take action against me, what consequences can i face? And is it legal to be overseas while working with PHI?
Would appreciate your help.
Thank you.
A:
As you know, penalties for healthcare data breaches are very high and your employer is required to protect PHI.
When you work abroad, your employer cannot control security of your internet, your IP, your router, how the internet traffic travels and through which channels, etc. Since your employer cannot control the most elemental parts of Internet information flow, I'd say your employer is correct to prohibit you from accessing their system from abroad.
It is very easy to identify where you are located based on your IP address. If you use VPN to trick their system into thinking you are in NY, for instance, it is also very easy to identify that. Anyone can trace IPs. I would expect their system will block any VPN traffic. I'd return state-side if you'd like to continue working on sensitive "PROTECTED" health information (PHI).
A:
As a Californian attorney, I can provide general guidance, but the specific legal implications may vary depending on the laws and regulations of your employer's location and the nature of the public health information (PHI) you handle.
In the United States, working with PHI is subject to strict regulations under the Health Insurance Portability and Accountability Act (HIPAA). If you are handling PHI while overseas, it is essential to ensure compliance with HIPAA and any other relevant privacy and data protection laws in both the U.S. and Brazil.
Your employer may have specific policies or contractual agreements regarding remote work and the handling of PHI, which you should review and adhere to. Failure to comply with these policies could lead to disciplinary action, including termination of employment.
To fully understand your rights and responsibilities, it is best to consult with an employment attorney who can review your employment contract, company policies, and the applicable laws to provide you with personalized legal advice. - James Arrasmith, Owner. The Law Offices of James L. Arrasmith.
A: It could lead to violations of the employment agreement. If there is improper/unauthorized release of patient information, it might involve violations of HIPAA laws. Good luck
Justia Ask a Lawyer is a forum for consumers to get answers to basic legal questions. Any information sent through Justia Ask a Lawyer is not secure and is done so on a non-confidential basis only.
The use of this website to ask questions or receive answers does not create an attorney–client relationship between you and Justia, or between you and any attorney who receives your information or responds to your questions, nor is it intended to create such a relationship. Additionally, no responses on this forum constitute legal advice, which must be tailored to the specific circumstances of each case. You should not act upon information provided in Justia Ask a Lawyer without seeking professional counsel from an attorney admitted or authorized to practice in your jurisdiction. Justia assumes no responsibility to any person who relies on information contained on or received through this site and disclaims all liability in respect to such information.
Justia cannot guarantee that the information on this website (including any legal information provided by an attorney through this service) is accurate, complete, or up-to-date. While we intend to make every attempt to keep the information on this site current, the owners of and contributors to this site make no claims, promises or guarantees about the accuracy, completeness or adequacy of the information contained in or linked to from this site.