Potential Privacy and Security Incident Report Form

Far Northern Regional Center

Potential Privacy and Security Incident Report Form

Entity Name:

Entity Contracted with: DDS; Developmental Center/Community Facility; Regional Center;

Initial Incident Report

Addendum to previous report

Incident Start Date: or Unknown

Incident End Date:

Incident Discovery Start Date: or Unknown

Incident Discovery End Date:

Location of Incident:

Number of Individuals affected:

500 or more individuals

Fewer than 500 individuals affected by the breach.

Type of Breach: Location of Breach: Encrypted

Hacking/IT Incident Desktop Computer Yes No

Improper Disposal Electronic Medical Record Yes No

Loss E-Mail Yes No

Theft Laptop Yes No

Unauthorized Access/Disclosure Network Server Yes No

Other Potable Electronic Device Yes No

Paper/Films

Other

Was personally identifiable information involved? Yes No

Health or Medical or Clinical Information Demographic

Lab Results Name

Medications Address/Zip

Other Treatment Information Date of Birth

Driver’s License/State ID Number

Social Security Number

Financial Account Number Other (Specify)

Claims Information

Credit Card/Bank Account Number

Other Financial Information

Are notifications required? Yes; Notification Date:

No

Costs Associated with the Breach: Less than $1000.00

Greater than $1000.00

Far Northern Regional Center

Potential Privacy and Security Incident Report Form

Breach Description

Safeguards in place (prior to the breach incident):

None

Privacy Rule Safeguards (Training, Policies and Procedures, etc.)

Breach; Security Rule Administrative Safeguards (Risk Analysis; Risk Management, etc.)

Security Rule Physical Safeguards (Access Controls; Workstation Security, etc.)

Security Rule Technical Safeguards (Access Controls; Transmission Security, etc.)

Corrective Actions

Adopted encryption technologies

Changed password/strengthened password requirements

Create a new/updated Security Rule Risk Management Plan

Implemented new technical safeguards

Implemented periodic technical and nontechnical evaluations

Improved physical security

Performed a new/updated Security Rule Risk Analysis

Provided business associated with additional training on HIPAA requirements

Provided individuals with free credit monitoring

Revised business associate contracts

Revised policies and procedures

Sanctioned workforce members involved (including termination)

Took steps to mitigate harm

Trained or retrained workforce members

Other:

Signatures:

______

Printed Name of Information Signature of Information Date

Security Officer Security Officer

______

Printed Name of Privacy Officer Signature of Privacy Officer Date

______

Printed Name of Director or Designee Signature of Director or Designee Date

Please complete this form with as much information as possible submit to .

Forms/Administrative/262.mrg.doc (07/11/17) Page 1 of 2