DSHS HIV/STD/TB Potential Privacy Incident Report

This section is to be completed by the staff person who initially identified the privacy incident (e.g., received an email with confidential information, found forms in trash that should have been shredded, lost their documents, etc.) NO CONFIDENTIAL INFORMATION SHOULD BE INCLUDED IN THIS REPORT. Questions can be forwarded to: TBHIVSTD.Compliance@dshs.texas.gov.


For a copy of this report, please select "Send me a copy of my responses" at the bottom of the form.


Privacy Incidents should be reported to your Local Responsible Party (LRP) and/or Manager.


***Incidents should be reported to your respected leadership within your organization along with a copy of the submitted report. Reporting to leadership is the responsibility of the LRP and/or Manager. ***

 

Person submitting the report information

 
 
 
Phone
 
 
 

Acknowledgement. I acknowledge that NO Protected Health Information (PHI) or Personally Identifiable Information (PII) will be placed in this report.

 

If Unknown, please choose "Other".

 
 

If Unknown, choose “other” and explain.

 

- A violation of protocol occurs when the correct procedure was not taken and there was a potential risk for a violation of confidentiality. TIP: A violation of confidentiality will always be accompanied by a violation of protocol, but a violation of protocol can occur without a violation of confidentiality

- A violation of confidentiality occurs when it is known that confidential information has been exposed to an unauthorized party.

 
 
 
mm/dd/yyyy
 

Personally identified individual record-level data: information which, when combined with other information, could potentially identify an individual or individuals. This includes but is not limited to such information as medical record/case numbers and demographic or locality information that describe a small subset of individuals (e.g., block data, zip codes, race/ethnicity.


Pseudo-anonymized data; individual record-level data which has been stripped of personal identifiers (e.g., name, address, social security number) but may contain potentially identifying information (e.g., age, sex, race/ethnicity, locality information) that when combined with other information may identify an individual. If the combining of information could identify an individual, these data are considered confidential.


Aggregate data: data which are based on combining individual level information. Aggregate data may contain potentially identifying information, particularly if the aggregated data are very detailed or for a small subset of individuals.


NOTE: If "Other" is selected, you must enter text in order for box to be checked.

 
 
 
 
 
 
 
 

If multiple individuals are responsible for the privacy incident, separate privacy incident reports must be submitted for each individual.

 
 
Phone
 
 

Please be detailed here. DO NOT include information that would result in unauthorized disclosure of PHI/PII, but DO include enough information for us to be able to follow up on this incident if needed. You may wish to type this out, then cut and paste in the field below. Please do not include acronyms.

 
 

Please be detailed here. Example causes might include: new staff, staff not receiving training, staff in a hurry, physical security issues, IT security issues, field security issues.

 
 
 
 

With my electronic signature below, I affirm this incident has been investigated, the proper officials have been notified, and the corrective actions have been implemented in the event a breach has been confirmed.