DSHS HIV/STD/TB Potential Privacy Incident Report

This section is to be completed by the staff person who initially identified the privacy incident (e.g., received an email with confidential information, found forms in trash that should have been shredded, lost their documents, etc.) NO CONFIDENTIAL INFORMATION SHOULD BE INCLUDED IN THIS REPORT. Questions can be forwarded to: TBHIVSTD.Compliance@dshs.texas.gov.

For a copy of this report, please select "Send me a copy of my responses" at the bottom of the form.

Privacy Incidents should be reported to your Local Responsible Party (LRP) and/or Manager.

***Incidents should be reported to your respected leadership within your organization along with a copy of the submitted report. Reporting to leadership is the responsibility of the LRP and/or Manager. ***

Person submitting the report information

First Name*

Last Name*

Phone

Email of person submitting report:

Agency/affiliation*

Acknowledgement*

Acknowledgement. I acknowledge that NO Protected Health Information (PHI) or Personally Identifiable Information (PII) will be placed in this report.

Yes

What type of incident are you reporting?*

If Unknown, please choose "Other".

Select or enter value

Other Type of Incident

What TB/HIV/STD Section program is the privacy incident regarding? If not listed or unknown, check "Other" and enter program.

Select or enter value

Other Program Privacy Incident Regarding

What type of privacy incident is being reported?*

If Unknown, choose “other” and explain.

Select or enter value

Other Type of Privacy Incident Reported

What type of privacy incident occurred (select all that apply)?

- A violation of protocol occurs when the correct procedure was not taken and there was a potential risk for a violation of confidentiality. TIP: A violation of confidentiality will always be accompanied by a violation of protocol, but a violation of protocol can occur without a violation of confidentiality

- A violation of confidentiality occurs when it is known that confidential information has been exposed to an unauthorized party.

Violation of protocol

Violation of confidentiality

Is this a PS24-0047 reportable incident? (ONLY HIV Surveillance, HIV Prevention, and Public Health Follow-Up)*

Select or enter value

When did the privacy incident occur?*

What type of data was compromised?

Personally identified individual record-level data: information which, when combined with other information, could potentially identify an individual or individuals. This includes but is not limited to such information as medical record/case numbers and demographic or locality information that describe a small subset of individuals (e.g., block data, zip codes, race/ethnicity.

Pseudo-anonymized data; individual record-level data which has been stripped of personal identifiers (e.g., name, address, social security number) but may contain potentially identifying information (e.g., age, sex, race/ethnicity, locality information) that when combined with other information may identify an individual. If the combining of information could identify an individual, these data are considered confidential.

Aggregate data: data which are based on combining individual level information. Aggregate data may contain potentially identifying information, particularly if the aggregated data are very detailed or for a small subset of individuals.

NOTE: If "Other" is selected, you must enter text in order for box to be checked.

Select or enter value

Other type of data was compromised?

Enter the complete name and physical address of the location where the privacy incident occurred.*

In which format did the privacy incident occur (check all that apply)?

Select or enter value

Other format

Was the Local Responsible Party (LRP) contacted?

Select

Name of LRP:

Phone number of LRP:

Email of LRP:

Name of person(s) who caused the privacy incident:

If multiple individuals are responsible for the privacy incident, separate privacy incident reports must be submitted for each individual.

What is the agency affiliation of the individual responsible for the privacy incident?

Phone number(s) of person(s) who caused the privacy incident:

Phone

Email of person who caused the privacy incident:

Describe the privacy incident that occurred.

Please be detailed here. DO NOT include information that would result in unauthorized disclosure of PHI/PII, but DO include enough information for us to be able to follow up on this incident if needed. You may wish to type this out, then cut and paste in the field below. Please do not include acronyms.

Describe contributing causes to the privacy incident.

Please be detailed here. Example causes might include: new staff, staff not receiving training, staff in a hurry, physical security issues, IT security issues, field security issues.

Was this privacy incident negligent or intentional

Intentional

Negligent

Unknown

If "unknown," please explain:

Were any disciplinary actions or corrective actions taken to prevent the privacy incident from occurring again?

Select or enter value

If yes - Disciplinary or Corrective Actions taken

Electronic Signature*

With my electronic signature below, I affirm this incident has been investigated, the proper officials have been notified, and the corrective actions have been implemented in the event a breach has been confirmed.

Send me a copy of my responses

Privacy Notice|Report Abuse