HIPAA Incident Reporting and Breach Notification Policy and Procedure
The purpose of this policy is to set forth Pacific University’s process for addressing potential breaches of unsecured protected health information from incident discovery to investigation / risk assessment and potential notification. Pacific University has established a comprehensive HIPAA privacy and security program to prevent unauthorized access to protected health information (PHI). This policy sets forth Pacific's approach to investigating and responding to incidents that may involve unauthorized use or disclosure of PHI.
It is the policy of Pacific University to be prepared for, to prevent and to respond to information security incidents. Once a security incident is suspected and reported to the privacy officer, he/she will analyze the available information in order to determine if the security incident constitutes a data breach as defined by the HIPAA Omnibus Rule. If it is determined that a breach has occurred, procedures to mitigate the harmful effects of the incidents including containing and eradicating the incident, will be put into place. Security incidents and their outcomes will be documented and stored electronically in a secure location.
PUNet ID Required to review
Updated March 2023