Compliance & Privacy:
10 Steps For Reporting A Privacy Incident
Step 1: Contact the Helpdesk at 512-854-9175 so they can determine what devices need to be disabled.
Step 2: Contact the Compliance and Privacy Office (CAP).
Step 3: After identification/discovery, immediately gather the following items:
- Date of Discovery
- Discovered By Who?
- Discovered How?
- Reported By?
- Employee Involved – all contact information
- Device Asset Tag Number
- Description of the incident and why you think it may be an unauthorized disclosure of information
- Has the employee in question been questioned?
Step 4: The involved staff member will need to be officially interviewed by the Compliance and Privacy Office to gather additional facts and provide any information or evidence to aid in the investigation.
Step 5: The Compliance and Privacy Office will conduct an investigation and do an analysis of the data and evidence, and also determine the level of severity:
- Low
- Med
- High
Step 6: The Compliance and Privacy Office will brief departmental and senior leadership on the final analysis and official conclusion.
Step 7: The Compliance and Privacy Office will recommend corrective/disciplinary actions to help prevent future recurrences. The final decision of disciplinary action is always at the department’s discretion.
Step 8: The Compliance and Privacy Office will send out disclosure notification letters to the affected victims. If required, briefing and updates will go to Commissioners Court, and official reporting will go to outside authorities: Office of Civil Rights (OCR)/Office of Inspector General (OIG).
Step 9: The Compliance and Privacy Office will work with departments regarding the corrective action plan, so the incident does not reoccur.
Examples of Corrective Actions
- Refresher Training
- Policy and Procedure Revisions
- Assign a Privacy Liaison
Step 10: Review lessons learned to become more efficient with addressing this type of incident.
If you would like general information about HIPAA, click to view the HIPAA page. Or, if you would like information regarding Travis County’s HIPAA Policies, or to report a suspected privacy concern, contact the Travis County Compliance and Privacy Officer.
