If you are a service provider of RCOC and confidential and personally identifiable information related to individuals you are serving is lost, stolen, or obtained by an unauthorized entity, you must submit a Security Breach Report to RCOC’s Information Security Officer via email at iso@nullrcocdd.com using the following form: Security Breach Report
In addition to submitting a Security Breach Report, you are required to inform each person via letter who may have been affected by the breach. A sample notification letter template that includes the necessary elements is available here: Security Breach Notification Letter Template
If you have any questions please contact RCOC’s Information Security Officer via email at iso@nullrcocdd.com.
Confidential and Personally Identifiable Information
Includes the following 19 individual identifiers:
- Name
- Address (all geographic subdivisions smaller than state, including street address, city, county, or ZIP code)
- All elements (except years) of dates related to an individual (including birth date, admission date, discharge date, date of death, and exact age if over 89)
- Telephone numbers
- FAX number
- Social Security number
- Medical record number
- Health plan beneficiary number
- Account number
- Online Account – User Name or Email Address, in combination with a password or security question and answer
- Certificate/license number
- Any vehicle or other device serial number
- Device identifiers or serial numbers
- Web URL
- IP address
- Finger or voiceprints
- Photographic images
- Any other unique identifying number, characteristic, or code (including UCI number)
- Vehicle license plate number (effective January 2016)
NOTE: In California, unauthorized disclosure of an individual’s “Name” and any other “notice-triggering” data element (underlined, bold) is considered a reportable breach. In the U.S., a federally reportable breach is an unauthorized disclosure of any three (of the 18 individual identifiers) data elements. (Vehicle license plate number is not a Federal personal individual identifying data element).