This website is not affiliated with, endorsed by, or connected to Nuvem Health LLC.
NuvemRx
This site is a non-commercial public archive maintained for regulatory, journalistic, and whistleblower-protection purposes.
This website is not affiliated with, endorsed by, or connected to Nuvem Health LLC.
This site is a non-commercial public archive maintained for regulatory, journalistic, and whistleblower-protection purposes.
This site is a non-commercial public archive documenting a protected whistleblower disclosure made in October 2023. At that time, in my professional judgment as a database administrator, I reasonably believed that a proposed administrator-level access configuration created a material risk of unauthorized access to protected health information under the HIPAA Security Rule. I reported the concern internally and subsequently filed a disclosure with the U.S. Department of Health and Human Services Office for Civil Rights (HHS/OCR) pursuant to its breach-reporting framework. My filing reflected a reasonable belief of reportable risk based on the proposed configuration; it did not assert confirmed data exfiltration or misuse. This archive preserves contemporaneous documentation of those events and the actions that followed, including my termination shortly thereafter. All statements reflect my good-faith understanding at the time and are presented for regulatory, journalistic, and whistleblower-protection purposes.
The HHS/OCR portal requires classification under the “Breach of Unsecured PHI” reporting framework. My filing reflected a reasonable belief that the proposed sysadmin-level access created a reportable risk under that framework. The filing does not assert that confirmed data theft or misuse had occurred at that time.
After submitting a protected HIPAA disclosure to HHS/OCR regarding patient-data security risks, I was terminated within days. At the time of filing, I had no evidence of confirmed data exfiltration; my disclosure concerned a proposed access configuration that, in my professional judgment, created a material compliance risk.
Federal law prohibits retaliation for protected whistleblower activity.
The underlying evidence is preserved and publicly documented.
Statements reflect documented events and preserved contemporaneous records. Federal law prohibits retaliation for protected whistleblower activity.
This site is maintained solely for evidentiary, regulatory, and journalistic purposes.