A Privacy breach is an unauthorized disclosure of personal confidential information that violates state or federal privacy laws. In the event of a privacy breach, the following procedures should be followed to ensure the appropriate level of response.
The DHCS investigates all alleged breaches of personal confidential information reported by its employees, staff of its business associates, individual program beneficiaries or other persons and will work to resolve the issues raised in order to safeguard individuals' confidential information and improve the DHCS business systems and practices. The Privacy Officer determines the appropriate level of response to mitigate potential harm and corrective action necessary when the DHCS is made aware of a privacy breach. If the privacy breach involves electronic, unencrypted confidential information, the state breach notification law may be triggered.
To report potential breach/incident visit the Privacy Home Page using the link given below and retrieve the appropriate breach reporting form.
Privacy Home Page
DHCS employees must provide immediate notice to the DHCS Privacy Officer and the DHCS Information Security Officer of any suspected or actual breach of security or unauthorized disclosure in violation of any applicable federal and state laws or regulations.
Note: Business Associates must also notify DHCS of security breaches.