What is a privacy breach?
A privacy breach is the disclosure/sharing/collection of personal information (PI) and/or personal health information (PHI) that is outside of the reason for its collection or use. This includes viewing for curiosity reasons, selling for payment (e.g. selling contact data), posting for malicious purposes, or data that has been hacked.
For example, sending an OCF to HCAI via fax is considered a privacy breach. There is no process for sending information by any means except the HCAI system.
What to do in case of a breach
If you think there has been an improper use or disclosure of PI or PHI from HCAI, contact your organization’s privacy office and HCAIP’s Chief Privacy Officer (CPO) immediately.
To contact HCAIP’s CPO, email firstname.lastname@example.org.