DSHS HIV/STD/TB Potential Privacy Incident Report

This section is to be completed by the staff person who initially identified the privacy incident (e.g., received an email with confidential information, found forms in trash that should have been shredded, lost their documents, etc.) NO CONFIDENTIAL INFORMATION SHOULD BE INCLUDED IN THIS REPORT. Questions can be forwarded to: TBHIVSTD.Compliance@dshs.texas.gov.


For a copy of this report, please select "Send me a copy of my responses" at the bottom of the form.


Privacy Incidents should be reported to your Local Responsible Party (LRP) and/or Manager.


***Incidents should be reported to your respected leadership within your organization along with a copy of the submitted report. Reporting to leadership is the responsibility of the LRP and/or Manager. ***

Person submitting the report information

Phone
Acknowledgement*

Acknowledgement. I acknowledge that NO Protected Health Information (PHI) or Personally Identifiable Information (PII) will be placed in this report.

If Unknown, please choose "Other".

Select or enter value
Caret IconCaret symbol
Select or enter value
Caret IconCaret symbol

If Unknown, choose “other” and explain.

Select or enter value
Caret IconCaret symbol

- A violation of protocol occurs when the correct procedure was not taken and there was a potential risk for a violation of confidentiality. TIP: A violation of confidentiality will always be accompanied by a violation of protocol, but a violation of protocol can occur without a violation of confidentiality

- A violation of confidentiality occurs when it is known that confidential information has been exposed to an unauthorized party.

Select or enter value
Caret IconCaret symbol

Personally identified individual record-level data: information which, when combined with other information, could potentially identify an individual or individuals. This includes but is not limited to such information as medical record/case numbers and demographic or locality information that describe a small subset of individuals (e.g., block data, zip codes, race/ethnicity.


Pseudo-anonymized data; individual record-level data which has been stripped of personal identifiers (e.g., name, address, social security number) but may contain potentially identifying information (e.g., age, sex, race/ethnicity, locality information) that when combined with other information may identify an individual. If the combining of information could identify an individual, these data are considered confidential.


Aggregate data: data which are based on combining individual level information. Aggregate data may contain potentially identifying information, particularly if the aggregated data are very detailed or for a small subset of individuals.


NOTE: If "Other" is selected, you must enter text in order for box to be checked.

Select or enter value
Caret IconCaret symbol
Select or enter value
Caret IconCaret symbol
Select
Caret IconCaret symbol

If multiple individuals are responsible for the privacy incident, separate privacy incident reports must be submitted for each individual.

Phone

Please be detailed here. DO NOT include information that would result in unauthorized disclosure of PHI/PII, but DO include enough information for us to be able to follow up on this incident if needed. You may wish to type this out, then cut and paste in the field below. Please do not include acronyms.

Please be detailed here. Example causes might include: new staff, staff not receiving training, staff in a hurry, physical security issues, IT security issues, field security issues.

Was this privacy incident negligent or intentional
Select or enter value
Caret IconCaret symbol

With my electronic signature below, I affirm this incident has been investigated, the proper officials have been notified, and the corrective actions have been implemented in the event a breach has been confirmed.