SECURITY & SECURITY BREACH INSTRUCTIONS

If you are a vendor of San Andreas Regional Center and sensitive/confidential information was stolen,  the following forms need to be completed and submitted to San Andreas Regional Center pphan@sarc.org ASAP:

1.   Security incident report.
2.   Police Report # that was filed.

In addition to this report, you must submit a special incident report for each affected consumer.  We’ll need to know what the corrective actions for the Vendor are? (e.g. is there a policy in place about leaving PHI in an unattended vehicle?).  We will also required a “redacted” copy of (1x) of the letters that have gone out  to each person who may have been affected by the breach.   Here are some sample letters for you to consider.  ISO – SIMM 65D – TEMPLATE Letter Samples

 

 

Best Practices for Protecting Confidential, Sensitive and Personal Information All service providers should review the Program Advisory from the Department of Developmental Services (DDS) regarding best practices for protecting confidential, sensitive, and personal information, regardless of format (i.e. electronic or paper).

>> View the memo from the SARC

 >>View the DDS Program Advisory

Agency Information Security Incident Report Instructions and Form Please read the Agency Information Security Incident Report Instructions and complete the Agency Information Incident Report posted below in the event of a security breach. We are also posting the California Office of Information Security & Privacy Protection’s “Privacy Protection Recommendations: What to do if your personal information is compromised.” Questions? Please call (818) 756-6116.

>> View the Privacy Protection Recommendations (English)

>> View the Privacy Protection Recommendations (Spanish)

>> View the Agency Information Security Incident Report Instructions & Incident Report

Security Breach Sample Breach Notices

>> View the Social Security (Number only) sample breach notice

>> View the driver’s license or California ID card number sample breach notice

>> View the credit card number or financial account (number only) sample breach notice

>> View the medical information only sample breach notice

>> View the health insurance information only sample breach notice

>> View the hybrid (SSN and health information) sample breach notice