Security Breach Instructions

Security and Security Breach Instructions

If you are a vendor of San Andreas Regional Center and sensitive or confidential information was breached, the following forms need to be completed and submitted to San Andreas Regional Center and emailed to Phien Phan at pphan@sarc.org as soon as possible:

  1. DS-5340B Template (Word)
  2. Police report number filed at the time of the breach
  3. Breach Notification Rule (HHS)

In addition to this report, you must submit a special incident report for each affected consumer. We will need to know what corrective actions the vendor is taking (e.g., is there a policy in place about leaving PHI in an unattended vehicle?). We will also require a redacted copy of one of the letters that have been sent to each person who may have been affected by the breach. Here are some sample letters for your reference.

Sample ISO Notification Letter

Best Practices for Protecting Confidential Information

All service providers should review the Technical Bulletin from the Department of Developmental Services (DDS) regarding best practices for protecting confidential, sensitive, and personal information, regardless of format (electronic or paper).

View the DDS Technical Bulletin