Privacy Incident Tickets
NOTE: THIS CONTENT IS NOT UP TO DATE.
Click HERE to access the updated content on Sunny.
A HIPAA breach is any unauthorized acquisition, use, or disclosure of a client’s protected health information—otherwise known as “PHI.”
The severity of a breach is determined by:
(1) the type and amount of PHI that was involved, including whether an individual could use the information to re-identify a specific client;
(2) who the inappropriate disclosure was made to;
(3) whether that person actually looked at the information; and
(4) whether the PHI was encrypted or secured in any manner, making it unreadable or difficult to decode.
Common causes of HIPAA breaches include:
stolen or lost laptops, stolen or lost smart phones;
an EHR breach;
sending PHI to the wrong client or email address;
office break-ins; and
other types of intentional hacking events.
The new ticketing system is now live, and all privacy incident tickets should be submitted via Freshservice. To report a potential breach, log in to help.thriveworks.com using your individual Thriveworks account, select "Privacy Incident" under the Service Catalog, complete the new form, and click "place request" (or just click here).
We want you to feel comfortable telling us about any possible HIPAA breach. However, it may lead to additional training or other corrective actions.
When submitting tickets, remember, the more details the better!
Include the names of affected clients/individuals. For example, if you sent an email to the wrong client, include the name of the intended recipient in your report so that we can coordinate outreach and alert them of the error. Additionally, please include details such as DOBs or other information that may help identify the affected client(s).
Include any background information that might be helpful. For example, if you are alerted that an individual is receiving incorrect emails/text messages from Thriveworks, include the types of messages received (e.g., appointment reminders, billing statements, etc.), the email address or phone number that is being incorrectly messaged, and any information related to the intended recipient (e.g., the text message mentions “Bob Smith”).
Avoid using acronyms, initialisms, and abbreviations in your report. The privacy team may have a difficult time understanding them because different departments assign them different meanings.
If possible, include status details, such as any corrective actions taken by you or a colleague. This helps us plan our next steps in assisting with the privacy incident and reduces duplicative efforts.
NEW: Attachments. You may now send attachments via the privacy incident ticket. Please include relevant attachments such as a copy of an email/text/document that was sent to the incorrect recipient, or other documents that help clarify the privacy incident.
Above all else, submit the ticket. If you’re unsure if you should submit a privacy incident ticket, always lean toward submitting. We’re happy to assist and work through any concerns.
Once a privacy incident ticket has been submitted, our Privacy Officer or another member of the Legal team will determine appropriate next steps, which may include a meeting with you or your supervisor to discuss the incident, a follow-up email requesting additional information about the event, and/or guidance on how to remediate or resolve the issue.
After the incident has been appropriately addressed, the Privacy Officer or another member of the Legal team will log the privacy incident ticket and, if appropriate, report it to the U.S. Department of Health and Human Services, Office of Civil Rights.
The privacy incident ticket can be found using this link.