A former medical insurance company employee retained my phi and ss# what actions would be available other than allowing them to sweep it under the carpet

What do you mean they RETAINED your PHI and SS number? Once you give someone your SS number, they have it. No one "retains" it.

Allowing "them" to sweep it under the carpet - who is "them"?

What type of medical company,

A doctor office
Hospital
A company that sells medical info


What do you mean by maintained, did the employee quit and keep your file at their home ?

How do you know this ?

What medical info do they have on you ?

It is a major insurance company. BCBS and the employee was working from home. Retired in 2007 and I was just notified that the person retained copies of her workload, several reports and emails that contained my name ss# and PHI. I was notified by the insurance company ethics and compliance officer

It could be a HIPAA violation. Have you looked into that?

Have you suffered any damages because of this action?

It is a major insurance company. BCBS and the employee was working from home. Retired in 2007 and I was just notified that the person retained copies of her workload, several reports and emails that contained my name ss# and PHI. I was notified by the insurance company ethics and compliance officer

These ethics and compliance officers apparently have nothing better to do than to send out bulk mailings about insignificant things that harm no one. Don't loose any sleep over it.

So a now-retired employee kept some customer information at home and failed to shred it when he/she retired. Ask them for a free identity theft audit. Unless the person used this information to steal your identity, you have nothing to worry about.

I can't imagine that the retired employee intended to use your PHI (http://en.wikipedia.org/wiki/Protected_health_information) for any bad purpose. Probably was simply insufficiently HIPAA-trained or careless.

Unless this person gave out your information to others, while the storage of this info, and company rules of returning it, were broken, it does not really effect you. Since they know about it, there is no need to further report it.