What is a privacy breach?
A privacy breach is the disclosure/sharing/collection of personally identifiable information (PII) that is outside of the reason for its collection or use. This includes viewing PII for curiosity reasons, selling PII for payment (e.g. selling contact data), posting PII for malicious purposes, or data that has been hacked.
Sending an OCF to HCAI via fax is considered a privacy breach. There is no process for sending information by any means except the HCAI system.
What to do in case of a breach
If you think there has been an improper use or disclosure of PII from HCAI, contact your organization’s privacy office and HCAIP’s Chief Privacy Officer (CPO) immediately.
To contact HCAIP’s CPO, email firstname.lastname@example.org.