What is a privacy breach?
A privacy breach is a disclosure/sharing/collection of personally identifiable information (PII) that is outside the reason for its collection. This includes viewing PII for curiosity reasons, selling PII for payment (e.g. selling contact data), posting PII for malicious purposes, or data that has been hacked. This also includes leaving a claimant/patient file out in a place where it can be accessed by another person, such as a reception desk or treatment room.
Sending an OCF to HCAI via fax is considered a privacy breach. There is no process for sending information by any means except the HCAI system (www.HCAI.ca or your PMS system).
What to do in case of a breach
If you think there has been an improper use or disclosure of personally identifiable information from HCAI, notify your privacy officer immediately. If the breach includes electronic data directly from HCAI, advise the HCAIP Chief Privacy Officer by emailing email@example.com.