The Department of Health and Human Services (department), along with its funded and contracted service providers, has access to personal information (which includes sensitive information) and health information about clients and staff.This access is often provided to the department based on trust. Therefore, it is critical the department protects the privacy of this personal and health information.
Reporting a Privacy Incident
With the commencement of the Client Incident Management System (CIMS) on 15 January 2018, a new privacy incident report form will be available for funded organisations to report privacy incidents.
The form requires the agency to enter details about the privacy incident, clients involved, immediate risks, and how the incident is being managed. In addition to the current critical incident report form, the new form will include fields on information security and practices.
Once the report is submitted, the nominated funded organisation contact will receive a confirmation email and a reference number. The report will be received by the divisional privacy officer and directed to the funded organisation’s contract manager within the department (i.e.. local engagement officer or program and service advisor), who will work with the funded organisation to manage the incident as required.
Privacy Incident Report eform
To report an incident use the web based Privacy Incident Report eform.
Note: this web link will be active on 15th January 2018.
For more information, resources and tools on how to use the Privacy Incident Report form see the Privacy Incident Report Form (FMS) - User Guide for Funded Agency Staff Members.
Email the Privacy team firstname.lastname@example.org or contact your divisional Privacy Officer