What is a Privacy Breach?
A privacy breach is an incident that compromises the security or privacy of Protected Health Information (PHI) and poses a significant risk of financial, reputational, or other harm to the subject of the information.
What is a Security Breach?
A security breach, however, may or may not involve such harm. A security breach is an accidental or intentional violation of a policy designed to protect PHI.
Who Must Report?
All employees must report a breach. Anyone can report a breach.
What Should Be Reported?
All suspected or actual privacy and security breaches must be reported to the Office of Compliance & Ethics.
How to Report?
The person who discovers the breach, or suspected breach, must initiate the reporting procedures as soon as the breach is discovered. The person discovering the breach must complete the Breach Notification/Response Form. The form can be found on HHSAnet and on the HHSA website. Once the form is complete, it must be submitted to the Office of Compliance & Ethics. The form can be emailed to firstname.lastname@example.org. No employee will be subject to retaliation for reports of suspected compliance issues made in good faith.