Privacy Breach Management Guide by Health PEI


Understanding, Preventing, and Managing Privacy Breaches in Healthcare: Learn about what constitutes a privacy breach, how to prevent breaches, steps to determine and manage breaches effectively, including containment, investigation, and notification processes.





Uploaded on Apr 04, 2024 | 0 Views


Presentation Transcript


  1. Privacy Breach Management Guide Presented by: Access to Information & Privacy Team, Health PEI

  2. What is a privacy breach? If Personal Health Information (PHI) or Personal Information (PI) is, or is suspected to have been, stolen, lost or used, disclosed, accessed or destroyed without authorization, then a privacy breach has potentially occurred!

  3. Preventing a Privacy Breach

  4. How to Determine if a breach occurred
     Breaches, suspected breaches and potential breaches should all be recorded in PSMS.
     - Was PHI or PI involved?
     - Did access/disclosure occur or was there a risk of same?
     - Was there a need to know the information?
     - Was more PHI than necessary accessed or disclosed?
     - Was the access/disclosure unauthorized?

  5. Breach Management Basic Steps: Containment and preliminary assessment
     - Gather initial details of what happened
     - Take steps to prevent further breach (contain it)
     - Record incident in PSMS
     - Document only the facts in the incident report
     - Determine exactly what PHI or PI has been breached
     - Recover, retrieve or confirm destruction of the PHI or PI, if possible
     - Try to get confirmation in writing of deletion or destruction of records by an unauthorized recipient (i.e. confirm emails were deleted from inbox & trash, etc.)
     - If the breach involves theft or other criminal activity, Management will report to the appropriate law enforcement authorities.

  6. Breach Management Basic Steps: Investigation (Manager responsible, Privacy Officer and others as appropriate)
     - Gather further information from varied sources
     - Conduct auditing, if applicable
     - Confirm facts of the breach and identify factors, failed safeguards, intentional vs. accidental, etc.
     - Assess the risks to the Affected Individual(s) with the Privacy team.
     - If the breach was intentional and caused by a staff person of Health PEI, Human Resources (HR) will be contacted.
     - Continue to record all follow up and investigation steps and results in PSMS.

  7. Breach Management Basic Steps: Notification and reporting
     - In consultation with Privacy Officer and Quality/Risk Coordinator, disclosure to affected individual(s) and notification to Commissioner are required, unless:
       - No adverse impact on provision of care to or well-being (mental, physical, economic or social) of the affected individual(s)
     - ONLY HPEI CEO (in consult with Privacy Officer) notifies Commissioner of breaches!

  8. Breach Management Basic Steps: Remediation and prevention
     - Determine whether new or enhanced safeguards are required (Technical, physical and administrative measures to protect PHI and PI)
     - Discipline, if applicable
       - HR leads this process
     - Share findings with affected individual(s) as appropriate.
     - Health PEI CEO will share with the Information & Privacy Commissioner (via Privacy Officer)

  9. If you require Assistance: If you are unsure about the process or need some support and guidance, please contact your Access To Information & Privacy (ATIP) team at healthprivacy@ihis.org or 902-569-7734

  10. Thank you for reviewing this information. We hope you found it helpful. If you have any feedback or suggestions about improving this information, please send it to the Access To Information & Privacy (ATIP) team at healthprivacy@ihis.org
      ** Privacy Breach & Complaints Management Protocol is coming soon!
