My question involves labor and employment law for the state of: TN
I'm a helpdesk analyst for a large company who has contracts with about 17 different hospitals around the States one of the largest is in Cleveland, Ohio. About two weeks ago we imported some infomation into active directory (AD) so that when we reset a AD account we can verify Fav. color, Mothers Madien name and Last 4 of SSN due to HIPPA law we have to verify that stuff. So i log into the AD box and get ready to work one day and i search for my account and bam my fav. color my mothers maiden name and my FULL social. So i emailed my boss told him i want it removed NOW i don't even understand why my contacted hospital would even need my full social on file i don't work for them i work for a different company. Boss said he would look into it but that was about 2 weeks ago i have yet to hear anything and my social is still up for anybody with AD access to get it... suggestions? legal ones at that? is this a breach of HIPPA?
Ive been up for awhile im tired so if any of that did not come out clearly let me know ill try and help im just tired and ready for bed.