If you are exposed to any Protected Health Information (PHI) while delivering a gig (for example, as a courier or driver), you should immediately stop interacting with it and report it through the company’s official support or compliance channel (not to the customer, friends, or social media).
Immediate actions
- Do not read, copy, photograph, share, or otherwise use the PHI, and do not discuss it with anyone who is not authorized.
- Secure the item as best you can according to the platform’s rules (for example, keep it sealed and protected) until you can follow the company’s instructions.
Who to contact
- Use the gig platform’s official support (in-app help, support phone number, or designated email) to report that you were unintentionally exposed to PHI and ask for guidance; for Roadie specifically, the correct answer is to contact Roadie support.
- Do not contact the patient, sender, or recipient directly about the PHI unless the company’s policy or support team explicitly instructs you to.
What to document
- Note the date, time, location, tracking or order ID, and a brief, general description of what happened (for example, “medical records visible in open package”), without creating or saving extra copies of the PHI itself.
- Follow any additional steps the company or its privacy/HIPAA contact gives you, including returning or destroying materials, and complete any required incident forms or training.
Why this matters
- PHI is protected under HIPAA, and companies that handle it must investigate any accidental exposure and mitigate risk, so prompt reporting helps keep you and the company compliant.
- Business associates and their workforce (including gig workers acting on their behalf) are generally required by contract to report suspected PHI incidents quickly so the covered entity can decide if a reportable breach occurred.
