SECURITY & SECURITY BREACH INSTRUCTIONS
If you are a vendor of San Andreas Regional Center and sensitive/confidential information was breached, the following forms need to be completed and submitted to San Andreas Regional Center and Email to Phien Phan at pphan@sarc.org ASAP:
1. TEMPLATE-DS-5340B
2. Police Report # that was filed.
In addition to this report, you must submit a special incident report for each affected consumer. We’ll need to know what the corrective actions for the Vendor are? (e.g. is there a policy in place about leaving PHI in an unattended vehicle?). We will also required a “redacted” copy of (1x) of the letters that have gone out to each person who may have been affected by the breach. Here are some sample letters for you to consider.
ISO-Sample-Notification-Letter
Best Practices for Protecting Confidential, Sensitive and Personal Information
All service providers should review the Technical Bulletin from the Department of Developmental Services (DDS) regarding best practices for protecting confidential, sensitive, and personal information, regardless of format (i.e. electronic or paper).