Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
compliance_incident_reporting_response [2016/07/06 17:25] jillian_nadette_de_leon |
compliance_incident_reporting_response [2016/07/19 16:26] jillian_nadette_de_leon |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| ##Compliance | ##Compliance | ||
| - | **Enforcement of the Privacy Code.** Health care facilities involved in the PHIE shall: \\ | + | **Compliance.** Health care facilities involved in the PHIE are required to: \\ |
| - | a.) Register their data processing systems involved in the PHIE process to the health privacy board, including the data processing systems of contractors, employees and third parties entering into contracts with them that involve accessing or requiring sensitive personal health information from one thousand (1,000) or more individuals;\\ | + | a.) Register their data processing systems involved in the PHIE process to the health privacy board, including the data processing systems of contractors, employees and third parties entering into contracts with them that involves accessing or requiring sensitive personal health information from one thousand (1,000) or more individuals;\\ |
| - | b.) Notify the board of automatic processing operations being carried out by the health facility, its contractors and third parties;\\ | + | b.) Notify the health privacy board of automatic processing operations being carried out by the health facility, its contractors and third parties;\\ |
| c.) Submit a copy of their privacy policy as well as a list of personnel having direct access to health information to the health privacy board;\\ | c.) Submit a copy of their privacy policy as well as a list of personnel having direct access to health information to the health privacy board;\\ | ||
| d.) Submit an annual report on documented security incidents to the health privacy board;\\ | d.) Submit an annual report on documented security incidents to the health privacy board;\\ | ||
| Line 110: | Line 110: | ||
| **Content of Notification**\\ | **Content of Notification**\\ | ||
| 1. A brief description of what happened, including the date of breach and the date of discovery of the breach, if known. \\ | 1. A brief description of what happened, including the date of breach and the date of discovery of the breach, if known. \\ | ||
| - | 2. A description of the types of unsecured health information that were compromised in the breach (such as full name, social security number, date of birth, home address, account number). \\ | + | 2. A description of the types of unsecured health information that were compromised in the breach (such as full name, , date of birth, home address, account number). \\ |
| 3. Situations where individuals are at risk due to the breach and the steps that they should take to protect themselves from potential harm resulting from the breach.\\ | 3. Situations where individuals are at risk due to the breach and the steps that they should take to protect themselves from potential harm resulting from the breach.\\ | ||
| 4. A brief description of what the Health Care Provider involved is doing to investigate the breach, to mitigate losses, and to protect against any further breaches.\\ | 4. A brief description of what the Health Care Provider involved is doing to investigate the breach, to mitigate losses, and to protect against any further breaches.\\ | ||