Reporting and Resolution. 1. Immediately upon identifying any suspected privacy or security incidents, breaches, intrusion or unauthorized access, use, or disclosure of PII, the SSA employee will immediately notify their Regional/Program Manager/Admin Management Team, with a CC to their immediate Supervisor. 2. The Regional/Program Manager, upon receiving information about the privacy or security incident, will immediately submit a Privacy Incident Report (PIR) to the Quality Support Team (QST)/Custodian of Records (COR) at XXXxxxxxxxxxxxxxxxxxxxxxxx@XXX.xxxxx.xxx with a CC to their Deputy Division Director, via a secure email message with the subject line “Initial PIR [secure]”. Each section of the PIR will be completed with as much information as available at the time of drafting. No PII should be included in the PIR. 3. Upon receipt of the PIR, the Quality Support Team will collaborate with the Regional/Program Manager to further identify any details necessary to better assess the incident. 4. Upon gathering this information, the Quality Support Team will then connect with the County Privacy Officer to identify next steps. 5. As determined to be required, the QST/COR shall advise the identified program point of contact (“Action Officer”) to update the PIR to include any additional information required. a. If the incident meets any of the criteria noted in the County Significant Incident/ Claim Reporting Protocol, QST/COR shall draft a report containing the basic/concise facts and submit to the Chief Deputy Director with the PIR attached for review and submission to XxxxxxxxXxxxxx@xxxxx.xxx. 6. QST/COR will serve as the Agency’s point of contact for the County Privacy Officer and will communicate all applicable steps identified by the County Privacy Officer to the Action Officer. a. The Action Officer will be responsible for coordinating all applicable activities required to notify and rectify the privacy/security issue that was identified. i. Action Officers will be assigned and will vary depending on the program. ii. Depending on the type of issue, the References Section provided below will provide more information on what actions are necessary to rectify the situation. Loss of Medi-Cal PII involves different steps than a loss of PII for other programs. b. The Action Officer shall oversee the completion of the investigation of the privacy or security incident. c. The Action Officer shall oversee notification of individuals affected by the breach or unauthorized use/disclosure of Medi-Cal PII when notification is required. d. The Action Officer shall engage Human Resource Services, County Counsel, Risk Management, and/or the County Executive Office as needed to determine if internal processes, such as disciplinary action, are necessary. e. At the conclusion of the investigation and completion of all required notifications and consultations regarding necessary internal processes, the Action Officer will send the completed PIR that includes all required documentation from the investigation to QST/COR at the XXXXxxxxxxxxxxxxxxxxxxxxxx@XXX.xxxxx.xxx with the subject line “Final PIR [secure].” 7. The County Privacy Officer will submit the final PIR to DHCS as required. 8. QST/COR will retain the final PIR for all incident types
Appears in 1 contract
Samples: Vocational Training Agreement
Reporting and Resolution. 1. Immediately upon identifying any suspected privacy or security incidents, breaches, intrusion or unauthorized access, use, or disclosure of PII, the SSA employee will immediately notify their Regional/Program Manager/Admin Management Team, with a CC to their immediate Supervisor.
2. The Regional/Program Manager, upon receiving information about the privacy or security incident, will immediately submit a Privacy Incident Report (PIR) to the Quality Support Team (QST)/Custodian of Records (COR) at XXXxxxxxxxxxxxxxxxxxxxxxxx@XXX.xxxxx.xxx with a CC to their Deputy Division Director, via a secure email message with the subject line “Initial PIR [secure]”. Each section of the PIR will be completed with as much information as available at the time of drafting. No PII should be included in the PIR.. AMR0121-A1 January 12, 2024 DocuSign Envelope ID: 38FE53CB-23DB-4F33-BEA3-052481BD6AFC
3. Upon receipt of the PIR, the Quality Support Team will collaborate with the Regional/Program Manager to further identify any details necessary to better assess the incident.
4. Upon gathering this information, the Quality Support Team will then connect with the County Privacy Officer to identify next steps.
5. As determined to be required, the QST/COR shall advise the identified program point of contact (“Action Officer”) to update the PIR to include any additional information required.
a. If the incident meets any of the criteria noted in the County Significant Incident/ Claim Reporting Protocol, QST/COR shall draft a report containing the basic/concise facts and submit to the Chief Deputy Director with the PIR attached for review and submission to XxxxxxxxXxxxxx@xxxxx.xxx.
6. QST/COR will serve as the Agency’s point of contact for the County Privacy Officer and will communicate all applicable steps identified by the County Privacy Officer to the Action Officer.
a. The Action Officer will be responsible for coordinating all applicable activities required to notify and rectify the privacy/security issue that was identified.
i. Action Officers will be assigned and will vary depending on the program.
ii. Depending on the type of issue, the References Section provided below will provide more information on what actions are necessary to rectify the situation. Loss of Medi-Cal PII involves different steps than a loss of PII for other programs.
b. The Action Officer shall oversee the completion of the investigation of the privacy or security incident.
c. The Action Officer shall oversee notification of individuals affected by the breach or unauthorized use/disclosure of Medi-Cal PII when notification is required.
d. The Action Officer shall engage Human Resource Services, County Counsel, Risk Management, and/or the County Executive Office as needed to determine if internal processes, such as disciplinary action, are necessary.
e. At the conclusion of the investigation and completion of all required notifications and consultations regarding necessary internal processes, the Action Officer will send the completed PIR that includes all required documentation from the investigation to QST/COR at the XXXXxxxxxxxxxxxxxxxxxxxxxx@XXX.xxxxx.xxx with the subject line “Final PIR [secure].”
7. The County Privacy Officer will submit the final PIR to DHCS as required.
8. QST/COR will retain the final PIR for all incident types.
Appears in 1 contract
Reporting and Resolution. 1. Immediately upon identifying any suspected privacy or security incidents, breaches, intrusion or unauthorized access, use, or disclosure of PII, the SSA employee will immediately notify their Regional/Program Manager/Admin Management Team, with a CC to their immediate Supervisor.
2. The Regional/Program Manager, upon receiving information about the privacy or security incident, will immediately submit a Privacy Incident Report (PIR) to the Quality Support Team (QST)/Custodian of Records (COR) at XXXxxxxxxxxxxxxxxxxxxxxxxx@XXX.xxxxx.xxx with a CC to their Deputy Division Director, via a secure email message with the subject line “Initial PIR [secure]”. Each section of the PIR will be completed with as much information as available at the time of drafting. No PII should be included in the PIR.
3. Upon receipt of the PIR, the Quality Support Team will collaborate with the Regional/Program Manager to further identify any details necessary to better assess the incident.
4. Upon gathering this information, the Quality Support Team will then connect with the County Privacy Officer to identify next steps.
5. As determined to be required, the QST/COR shall advise the identified program point of contact (“Action Officer”) to update the PIR to include any additional information required.
a. If the incident meets any of the criteria noted in the County Significant Incident/ Claim Reporting Protocol, QST/COR shall draft a report containing the basic/concise facts and submit to the Chief Deputy Director with the PIR attached for review and submission to XxxxxxxxXxxxxx@xxxxx.xxx.
6. QST/COR will serve as the Agency’s point of contact for the County Privacy Officer and will communicate all applicable steps identified by the County Privacy Officer to the Action Officer.
a. The Action Officer will be responsible for coordinating all applicable activities required to notify and rectify the privacy/security issue that was identified.
i. Action Officers will be assigned and will vary depending on the program.
ii. Depending on the type of issue, the References Section provided below will provide more information on what actions are necessary to rectify the situation. Loss of Medi-Cal PII involves different steps than a loss of PII for other programs.
b. The Action Officer shall oversee the completion of the investigation of the privacy or security incident.
c. The Action Officer shall oversee notification of individuals affected by the breach or unauthorized use/disclosure of Medi-Cal PII when notification is required.
d. The Action Officer shall engage Human Resource Services, County Counsel, Risk Management, and/or the County Executive Office as needed to determine if internal processes, such as disciplinary action, are necessary.
e. At the conclusion of the investigation and completion of all required notifications and consultations regarding necessary internal processes, the Action Officer will send the completed PIR that includes all required documentation from the investigation to QST/COR at the XXXXxxxxxxxxxxxxxxxxxxxxxx@XXX.xxxxx.xxx with the subject line “Final PIR [secure].”
7. The County Privacy Officer will submit the final PIR to DHCS as required.
8. QST/COR will retain the final PIR for all incident types.
Appears in 1 contract
Samples: Contract for Integrated Job Services
Reporting and Resolution. 1. Immediately upon identifying any suspected privacy or security incidents, breaches, intrusion or unauthorized access, use, or disclosure of PII, the SSA employee will immediately notify their Regional/Program Manager/Admin Management Team, with a CC to their immediate Supervisor.. DocuSign Envelope ID: 36A3BC17-52D3-4CF0-B757-9026A1A36BE4
2. The Regional/Program Manager, upon receiving information about the privacy or security incident, will immediately submit a Privacy Incident Report (PIR) to the Quality Support Team (QST)/Custodian of Records (COR) at XXXxxxxxxxxxxxxxxxxxxxxxxx@XXX.xxxxx.xxx “SSAcustodianofrecordsinbox”, with a CC to their Deputy Division Director, via a secure email message with the subject line “Initial PIR [secure]”. Each section of the PIR will be completed with as much information as available at the time of drafting. No PII should be included in the PIR.
3. Upon receipt of the PIR, the Quality Support Team will collaborate with the Regional/Program Manager to further identify any details necessary to better assess the incident.
4. Upon gathering this information, the Quality Support Team will then connect with the County Privacy Officer to identify next steps.
5. As determined to be required, the QST/COR shall advise the identified program point of contact (“Action Officer”) to update the PIR to include any additional information required.
a. If the incident meets any of the criteria noted in the County Significant Incident/ Claim Reporting Protocol, QST/COR shall draft a report containing the basic/concise facts and submit to the Chief Deputy Director with the PIR attached for review and submission to XxxxxxxxXxxxxx@xxxxx.xxx.
6. QST/COR will serve as the Agency’s point of contact for the County Privacy Officer and will communicate all applicable steps identified by the County Privacy Officer to the Action Officer.
a. The Action Officer will be responsible for coordinating all applicable activities required to notify and rectify the privacy/security issue that was identified.
i. Action Officers will be assigned and will vary depending on the program.
ii. Depending on the type of issue, the References Section provided below will provide more information on what actions are necessary to rectify the situation. Loss of Medi-Cal PII involves different steps than a loss of PII for other programs.
b. The Action Officer shall oversee the completion of the investigation of the privacy or security incident.
c. The Action Officer shall oversee notification of individuals affected by the breach or unauthorized use/disclosure of Medi-Cal PII when notification is required.. DocuSign Envelope ID: 36A3BC17-52D3-4CF0-B757-9026A1A36BE4
d. The Action Officer shall engage Human Resource Services, County Counsel, Risk Management, and/or the County Executive Office as needed to determine if internal processes, such as disciplinary action, are necessary.
e. At the conclusion of the investigation and completion of all required notifications and consultations regarding necessary internal processes, the Action Officer will send the completed PIR that includes all required documentation from the investigation to QST/COR at the XXXXxxxxxxxxxxxxxxxxxxxxxx@XXX.xxxxx.xxx with the subject line “Final PIR [secure].”
7. The County Privacy Officer will submit the final PIR to DHCS as required.
8. QST/COR will retain the final PIR for all incident types
Appears in 1 contract
Reporting and Resolution. 1. Immediately upon identifying any suspected privacy or security incidents, breaches, intrusion or unauthorized access, use, or disclosure of PII, the SSA employee will immediately notify their Regional/Program Manager/Admin Management Team, with a CC to their immediate Supervisor.
2. The Regional/Program Manager, upon receiving information about the privacy or security incident, will immediately submit a Privacy Incident Report (PIR) to the Quality Support Team (QST)/Custodian of Records (COR) at XXXxxxxxxxxxxxxxxxxxxxxxxx@XXX.xxxxx.xxx with a CC to their Deputy Division Director, via a secure email message with the subject line “Initial PIR [secure]”. Each section of the PIR will be completed with as much information as available at the time of drafting. No PII should be included in the PIR.
3. Upon receipt of the PIR, the Quality Support Team will collaborate with the Regional/Program Manager to further identify any details necessary to better assess the incident.
4. Upon gathering this information, the Quality Support Team will then connect with the County Privacy Officer to identify next steps.
5. As determined to be required, the QST/COR shall advise the identified program point of contact (“Action Officer”) to update the PIR to include any additional information required.
a. If the incident meets any of the criteria noted in the County Significant Incident/ Claim Reporting Protocol, QST/COR shall draft a report containing the basic/concise facts and submit to the Chief Deputy Director with the PIR attached for review and submission to XxxxxxxxXxxxxx@xxxxx.xxx.
6. QST/COR will serve as the Agency’s point of contact for the County Privacy Officer and will communicate all applicable steps identified by the County Privacy Officer to the Action Officer.
a. The Action Officer will be responsible for coordinating all applicable activities required to notify and rectify the privacy/security issue that was identified.
i. Action Officers will be assigned and will vary depending on the program.
ii. Depending on the type of issue, the References Section provided below will provide more information on what actions are necessary to rectify the situation. Loss of Medi-Cal PII involves different steps than a loss of PII for other programs.
b. The Action Officer shall oversee the completion of the investigation of the privacy or security incident.
c. The Action Officer shall oversee notification of individuals affected by the breach or unauthorized use/disclosure of Medi-Cal PII when notification is required.
d. The Action Officer shall engage Human Resource Services, County Counsel, Risk Management, and/or the County Executive Office as needed to determine if internal processes, such as disciplinary action, are necessary.
e. At the conclusion of the investigation and completion of all required notifications and consultations regarding necessary internal processes, the Action Officer will send the completed PIR that includes all required documentation from the investigation to QST/COR at the XXXXxxxxxxxxxxxxxxxxxxxxxx@XXX.xxxxx.xxx with the subject line “Final PIR [secure].”
7. The County Privacy Officer will submit the final PIR to DHCS as required.
8. QST/COR will retain the final PIR for all incident types
Appears in 1 contract
Samples: Contract for Integrated Job Services
Reporting and Resolution. 1. Immediately upon identifying any suspected privacy or security incidents, breaches, intrusion or unauthorized access, use, or disclosure of PII, the SSA employee will DocuSign Envelope ID: 873673BE-CA7F-4A96-B638-4A4589E90BF0 DocuSign Envelope ID: 48A28A2E-18EB-4AD5-861A-6B951FD6A7B1 immediately notify their Regional/Program Manager/Admin Management Team, with a CC to their immediate Supervisor.
2. The Regional/Program Manager, upon receiving information about the privacy or security incident, will immediately submit a Privacy Incident Report (PIR) to the Quality Support Team (QST)/Custodian of Records (COR) at XXXxxxxxxxxxxxxxxxxxxxxxxx@XXX.xxxxx.xxx with a CC to their Deputy Division Director, via a secure email message with the subject line “Initial PIR [secure]”. Each section of the PIR will be completed with as much information as available at the time of drafting. No PII should be included in the PIR.
3. Upon receipt of the PIR, the Quality Support Team will collaborate with the Regional/Program Manager to further identify any details necessary to better assess the incident.
4. Upon gathering this information, the Quality Support Team will then connect with the County Privacy Officer to identify next steps.
5. As determined to be required, the QST/COR shall advise the identified program point of contact (“Action Officer”) to update the PIR to include any additional information required.
a. If the incident meets any of the criteria noted in the County Significant Incident/ Claim Reporting Protocol, QST/COR shall draft a report containing the basic/concise facts and submit to the Chief Deputy Director with the PIR attached for review and submission to XxxxxxxxXxxxxx@xxxxx.xxx.
6. QST/COR will serve as the Agency’s point of contact for the County Privacy Officer and will communicate all applicable steps identified by the County Privacy Officer to the Action Officer.
a. The Action Officer will be responsible for coordinating all applicable activities required to notify and rectify the privacy/security issue that was identified.
i. Action Officers will be assigned and will vary depending on the program.
ii. Depending on the type of issue, the References Section provided below will provide more information on what actions are necessary to rectify the situation. Loss of Medi-Cal PII involves different steps than a loss of PII for other programs.
b. The Action Officer shall oversee the completion of the investigation of the privacy or security incident.
c. The Action Officer shall oversee notification of individuals affected by the breach or unauthorized use/disclosure of Medi-Cal PII when notification is required.. DocuSign Envelope ID: 873673BE-CA7F-4A96-B638-4A4589E90BF0 DocuSign Envelope ID: 48A28A2E-18EB-4AD5-861A-6B951FD6A7B1
d. The Action Officer shall engage Human Resource Services, County Counsel, Risk Management, and/or the County Executive Office as needed to determine if internal processes, such as disciplinary action, are necessary.
e. At the conclusion of the investigation and completion of all required notifications and consultations regarding necessary internal processes, the Action Officer will send the completed PIR that includes all required documentation from the investigation to QST/COR at the XXXXxxxxxxxxxxxxxxxxxxxxxx@XXX.xxxxx.xxx with the subject line “Final PIR [secure].”
7. The County Privacy Officer will submit the final PIR to DHCS as required.
8. QST/COR will retain the final PIR for all incident types.
Appears in 1 contract
Samples: Contract for Integrated Job Services