It's a HIPAA compliancy issue. The user was a remote user so we log them in through the domain and then disconnected from the domain so that they could actually login still. So the credentials are still on the computer. The user left the company and was supposed to turn the computer in however that didn't happen yet because they are supposedly lazy. But due to the timeframe it's getting close to HIPAA violation
Contact your managers, they will know what to do. Security (not admins, physical security and asset protection people) are there for this. HR also, they can contact the person and get them to send it in. Keeping their computer at this point is theft. People involve law enforcement for this type of stuff.