Know the Code: Protecting Data Privacy
/If you’re like most of us, you try to protect your identity, so it’s not lost, stolen, or used without your permission.
Perhaps you keep personal details about your health to yourself and you’d just as soon not share your mother’s maiden name and your Social Security number to anyone without a need to know it.
November’s “Know the Code” topic involves reporting potential privacy incidents.
In keeping with Policy 400-11 on County Information and other group (i.e., HHSA) and departmental policies, employees must always keep the personal information of others confidential.
The three types of information involved are: personal information, personally identifiable information and protected health information.
Types of data that fall under these categories include:
Social Security number
Driver’s license or other government issued ID
Account or credit or debit card number, in combination with security or access code, or password
Medical information to include diagnosis and condition, especially sensitive conditions
Health insurance information to include ID card number, etc.
Unique biometric data used to authenticate, such as a fingerprint. Includes photographs for facial recognition
Genetic data
License plate information
Email or username combined with password or security information to access an online account
Birth records
Mother’s maiden name
To protect others, you are obligated to report any time you are aware that someone who isn’t unauthorized either receives, accesses, uses or discloses personal information not intended for them.
As examples, personal information could be received in misdirected emails, letters or faxes; overheard in conversations; or seen on a counter, computer, desk or dry erase board.
Non-HHSA employees and contractors must immediately report all potential privacy incidents to the Office of Ethics and Compliance Ethics Hotline at 866-549-0004 or report it online.
HHSA employees and contractors must report all real and suspected privacy and security incidents to the Business Assurance and Compliance Office at its website.
“Some legal timelines start on the date an incident was detected and not on the date they were reported, so waiting to report could cause additional issues,” said the County’s Chief Privacy Officer Todd Hood.
To ensure transparency and maintain public trust, employees should report all potential privacy incidents. The chief privacy officer or HHSA privacy officer will investigate whether the incident is a breach and determine next steps.
Check out the OEC webpage on InSite for information about upcoming Ethics and Compliance Program events, training and resources including monthly “Know the Code” articles and micro-training videos.
If you have questions about Ethics and Compliance training or how to access the training and other resources, contact the OEC team at oec@sdcounty.ca.gov or 619-531-5174.
HHSA staff may also contact the dedicated HHSA Agency Compliance team at compliance.hhsa@sdcounty.ca.gov or 619-338-2807.