Health Care Facility | Insurers | Related Initiatives  

Privacy Breaches

What is a privacy breach?

A privacy breach is a disclosure/sharing/collection of personal information (PI) and/or personal health information (PHI) that is outside the reason for its collection. This includes viewing for curiosity reasons, selling for payment (e.g. selling contact data), posting for malicious purposes, or data that has been hacked. This also includes leaving a claimant/patient file out in a place where it can be accessed by another person, such as a reception desk or treatment room.

For example, sending an OCF to HCAI via fax or providing patient’s information when submitting a ticket inquiry to the HCAI Facility Support is considered a privacy breach. There is no process for sending information by any means except the HCAI system ( or your PMS system).

What to do in case of a breach

If you think there has been an improper use or disclosure of PI or PHI from HCAI, notify your privacy officer immediately. If the breach includes electronic data directly from HCAI, advise the HCAIP Chief Privacy Officer by emailing