Report a Breach

What is a Privacy Breach?

A privacy breach is one that compromises the security or privacy of Protected Health Information (PHI) that poses a significant risk of financial, reputational, or other harm to the subject of the information.

What is a Security Breach?

A security breach, however, may or may not involve such harm. A security breach is an accidental or intentional violation of a policy designed to protect PHI.

Who Must Report?

All employees must report a breach.  Anyone can report a breach.

What Should Be Reported?

All suspected or actual privacy and security breaches must be reported to the Office of Compliance & Ethics.

How to Report?

The person who discovers the breach, or suspected breach, must initiate the reporting procedures as soon as discovering a breach. The person discovering the breach must complete the Breach Notification/Response Form. The form can be found on HHSAnet and on the HHSA website. Once the form is complete, the form must be submitted to the Office of Compliance & Ethics. The form can be emailed to [email protected]. No employee will be subject to retaliation for reports of suspected compliance issues made in good faith.