Reporting Privacy Breaches
For Application Basic and Complex
Scenario: A nurse at Site A accidentally logs into Site B and triages a patient. This exposes patient information from Site A to the wrong site (Site B) resulting in a privacy breach.
- Immediately apply a Transfer of Accountability (TOA) to the patient from Site B with the TOA note “Triaged in error”
- Log in to the correct site (Site A) and triage the patient
- Notify your Privacy Officer and eCTAS Coordinator immediately and follow hospital privacy policies. Hospitals should also notify the other site (Site B).
- Your eCTAS Coordinator must complete and submit the eCTAS Privacy Breach Reporting Form to eCTAS@ontariohealth.ca and call the eCTAS Service Desk (1-866-681-9846) to report the breach
- During business hours explain the purpose of the call is to report a privacy breach
- After business hours leave a message with your contact details and explain your call is regarding a privacy breach
 |
Important: Do not include PHI in the eCTAS Privacy Breach Reporting Form, or in your email or voice messages. |
- Resources at Site B should login to the eCTAS Registration View, locate the incorrect record in Past Record Lookup, and apply the action ‘Mark as Triaged in Error’. Resources can refer to eCTAS Registration View documentation for detailed instructions on how to locate and indicate records as triaged in error.
