Now the real question becomes: who do you "stand your ground with" and what do you do to document your actions?...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
It's not clear to me where this order was coming from. Was it human resources, or was it just your supervisor? Who is in the group that will be receiving this information?
If HR personnel were not involved in this request, then your best bet is to go to them to clarify what the exit procedure is for your job. You can ask an innocent (or seemingly innocent anyway) question to make sure that a professional information hand-off takes place. You don't have to tip your hand that you've been asked to divulge this information in a public place.
In the event HR is involved and has approved this strange process, then first express some reservations about the policy in writing. Get a response back from the corporation in writing. At that point, you've done all you can do to cover your backside, so go to the restaurant and transfer the information.
There is also what I'll call a nuclear option. You could report the process to the Department of Health and Human Services or go to your clients (for whom you are managing the medical cases), tell them about the process and explain your discomfort with it. This basically throws everyone in the organization under the bus. It also will put you at odds with your former employer and could result in messy lawsuits. I don't think this is a good option, but it is an option.
For more information:
Dig Deeper on HIPAA
Related Q&A from Mike Rothman
The CISSP certification can be a challenge to obtain. Mike Rothman unveils how to get on the right education and career tracks in order to get CISSP ...continue reading
In the world of security certifications, what is the GISP and how alike is it to the CISSP? In this security management expert response, learn about ...continue reading
Depending on your enterprise, it may or may not be necessary to utilize a QSA. In this security management expert response, learn how to determine ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.