Reporting a Privacy Incident

No matter what role we play at UC Davis Health, we have a shared responsibility to tell the Compliance and Privacy Services Department and your immediate Supervisor if we witness a privacy event. A privacy event is any accidental or intentional access, use, and/or disclosure of patient information that does not follow existing policies. The faster a privacy event is reported, the easier it is for the Compliance team to address the situation and protect our patients and the health system. The prompt reporting of privacy events is crucial to prevent against any fines or other penalties.

To report a privacy incident to the Compliance Department:

  • Call the Compliance Department at 916-734-8808; OR
  • Send an email to the Compliance Department at hs-privacyprogram@ucdavis.edu; OR
  • Submit an Incident Report via RL Solutions using the “Confidentiality/Healthcare Information” category (type “incident” in your browser address bar or log in via Citrix to access system).

If you would like to anonymously report concerns regarding specific activities or practices you believe are privacy violations, please call the UC Ethics Point Hotline at 877-384-4272. If submitting a complaint this way, please provide as much detail as possible so we can adequately and appropriately investigate your concern. This method of reporting should not be used to report incidents such as misdirected faxes or documents distributed to a wrong patient.

When reporting a privacy incident, be prepared to provide the following information:

  • The date the incident occurred
  • The date the incident was detected/discovered
  • How the incident occurred
  • How the incident was detected/discovered
  • The name(s) of the patient(s) whose information was disclosed
  • The name(s) of the recipient(s) of the disclosed information
  • The specific information disclosed (if possible and applicable, please provide a copy of the document)
  • Actions taken to mitigate harm
  • The name(s) of the individual(s) responsible for the incident
  • The department contact for follow-up questions

The Compliance Department is responsible for investigating each privacy incident that involves a UC Davis Health patient, determining whether a privacy violation has occurred, and reporting the privacy violation, if required, pursuant to state or federal law. The Compliance Department must be notified of privacy incidents as soon as they are discovered to avoid delays in mandatory reporting, which may subject you and UC Davis Health to fines and penalties.

If the incident involves a stolen or lost mobile device, such as a laptop, containing patient information you must also report the event to the Information Technology (IT) Department by calling 916-734-4357. If the stolen or lost device was issued by the University, you must also report the incident to UC Davis Health Campus Police by calling 916-734-2555.