Reporting a Privacy Incident

Per UC Davis Health Policy & Procedure (P&P) 1302, Protected Health Information (PHI)/Personal Information (PI) Breach Notification, all workforce members are required to promptly report any known or suspected privacy incidents to the Compliance Department and their immediate supervisor upon detection/discovery.

To report a privacy incident to the Compliance Department:

  • Call the Compliance Department at (916) 734-8808; OR
  • Send an email to the Compliance Department at hs-privacyprogram@ucdavis.edu; OR
  • Submit an Incident Report via RL Solutions using the “Confidentiality/Healthcare Information” category (type “incident” in your browser address bar or log in via Citrix to access system).

If you would like to anonymously report concerns regarding specific activities or practices you believe are privacy violations, please call the UC Ethics Point Hotline at (877) 384-4272. If submitting a complaint this way, please provide as much detail as possible so we can adequately and appropriately investigate your concern. This method of reporting should not be used to report incidents such as misdirected faxes or documents distributed to a wrong patient.

The Compliance Department is responsible for investigating each privacy incident that involves a UC Davis Health patient, determining whether a privacy violation has occurred, and reporting the privacy violation, if required, pursuant to state or federal law. The Compliance Department must be notified of privacy incidents as soon as they are discovered to avoid delays in mandatory reporting, which may subject you and UC Davis Health to fines and penalties.

When reporting a privacy incident, be prepared to provide the following information:

  • The date the incident occurred
  • The date the incident was detected/discovered
  • How the incident occurred
  • How the incident was detected/discovered
  • The name(s) of the patient(s) whose information was disclosed
  • The name(s) of the recipient(s) of the disclosed information
  • The specific information disclosed (if possible and applicable, please provide a copy of the document)
  • Actions taken to mitigate harm
  • The name(s) of the individual(s) responsible for the incident
  • The department contact for follow-up questions

While the above-listed information will be needed to fully review an incident, incomplete information should not prevent prompt reporting of a known or suspected privacy incident.

If the incident involves a stolen or lost mobile device, such as a laptop, containing patient information you must also report the event to the Information Technology (IT) Department by calling 916-734-4357. If the stolen or lost device was issued by the University, you must also report the incident to UC Davis Health Campus Police by calling 916-734-2555.