HIPAA requires incidents affecting the privacy and security of protected health information to be reported. The Guard gives Users the ability to report and track Incidents. Before reporting an Incident in the Guard, and jumping on a call with our Audit Response Team, please review the Job Aid for Analysis of Security of PHI to determine if the Incident involved unsecured PHI. You must also complete the Breach Determination Assessment Form prior to submitting the Incident to be included as supporting evidence in The Guard.
After you have submitted the Incident in the Guard, please email [email protected] to book some time with a member of our team regarding the Incident.
Both Users and Officers/Administrators can report Incidents using The Guards Incident Manager, however, the steps to do so differ based on user access levels.
Reporting an Incident as an Officer/Administrator
Once logged into The Guard, select Incidents from the left navigation panel
Once in the Incident Management Screen, select the blue Add Incident button
You will then want to fill out the Form that appears
- Associated Site: select the Site that the Incident affected from the dropdown menu
- Incident Title: the nature of the Incident, such as "email sent to wrong patient"
- Incident Type: select an option from the dropdown menu. If none of the options apply, you can select Other, and include and explanation in the Description Tab
- Affiliate Reported: if the Incident occurred due to a Business Associate, select the Vendor's name from the dropdown menu.
- *Only Vendor's that have been added to your account will appear in the dropdown menu. If you’d like to include a Vendor that you have not input into The Guard, you will need to do so prior to reporting the Incident. To add a new Vendor, select Vendors from the Left Navigation Panel, and select the blue Add Vendor button
- Reported By: select your name from the dropdown menu, or you may also chose to report the Incident anonymously
- Set the Incident Date and the Discovery Date
- If the Incident affected more than 500 patients, select the checkbox
Under the Description Tab, include a brief description of the Incident. Under the Investigation Tab, Officers/Administrators can assign Tasks related to the Incident to other Users in The Guard. To do so, select the Investigation Tab and enter a task name or description in the Tasks box, and assigning a select User from the Assignee dropdown menu, then click the blue Add Task button
Under the Evidence Tab, Users can attach supporting documentation, by selecting Browse, selecting a document, and clicking the Upload Evidence button. Please include the Breach Assessment Form here.
*Note: please do not upload any documents containing PHI.
Click the blue Save New Incident button on the bottom on the screen
Once a new Incident has been submitted, the Incident can be found in the Incident Manager Screen.
The Status of the Incident will automatically be set as Not Verified as Incidents must be reviewed by Officers/Administrators to ensure that the Incident reported is, in fact, a Breach. Once the validity of an Incident has been determined, Officers/Administrators can change the Status by selecting the Incident from the Incident List, and changing the Investigation Status to either "Verified" or "Under Investigation," then clicking on the blue Update Incident button at the bottom of the screen. You may also change the Incident Status from the Menu Icon on the Incident List to the right of the Status.
Reporting an Incident as a User
To report an Incident as a User, log into The Guard and select Report Incident from the upper right option on the screen.
Fill out the Form to the best of your ability with the information regarding the Incident
- Associated Site: select the Site that the Incident affected from the dropdown menu
- Incident Title: the nature of the Incident, such as "email sent to wrong patient"
- Incident Type: select an option from the dropdown menu. If none of the options apply, you can select Other, and include and explanation in the Description Tab
- Affiliate Reported: if the Incident occurred due to a Business Associate, select the Vendor's name from the dropdown menu.
- *Only Vendor's that have been added to The Guard will appear in the dropdown menu. If you’d like to include a Vendor that you have not input into the Guard, you will need to request an Officer/Admin to add that Vendor prior to reporting the Incident.
- Reported By: select your name from the dropdown menu, or you may also chose to report the Incident anonymously
- Incident Description: include a brief description of the Incident
- Set the Incident Date and the Discovery Date
- If the Incident affected more than 500 patients, select the checkbox
Under the Attach Evidence section, Users can attach supporting documentation, by selecting Browse, selecting a Document, and clicking the Upload Evidence button.
*Please do not upload any documents containing PHI
Click the blue Submit Incident button on the bottom on the screen. Your Compliancy Officer will then be notified that an Incident has been submitted for review.
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article