Reminder: The legacy One Portal is available until 9/23. Visit the new One Portal

Incident Identification & Reporting

The Office of Corporate Compliance and the Information Security Departments need to know when security policies and procedures are being violated. Our organization has many mechanisms and audit controls in place to detect and log when a breach of our information security system has taken place, but regardless of how protected our systems are, incidents may still occur. Every employee and staff member within the organization has an important role to play in keeping information secure by following policies and procedures, and reporting any suspected breaches of information security. If you become aware of an information security violation or notice something of a suspicious nature that may present a security problem, it is your responsibility to report it to your management, the Compliance Department, or the Information Security Department.

What is an information security incident?

An information security incident can be defined as a suspected, attempted successful, or imminent threat of unauthorized access, use, disclosure, breach, modification, or destruction of information;  interference with system operations in an information system. Incidents can occur from both internal and external sources, and can include such things as:

  • Computer viruses
  • Spyware
  • Hacker attacks
  • Unauthorized or inappropriate disclosure of electronic protected health information (ePHI)
  • Accidental viewing of ePHI by unauthorized persons
  • Unauthorized access to ePHI
  • Unauthorized alterations or deletions to ePHI

How can I identify an information security incident?

Some information security incidents can be difficult to detect, such as computer viruses or unauthorized access to protected information. Following are some tips that may help you to identify a potential information security incident:

  • Be aware of changes to your computer. Take note of any new icons or programs that appear on your workstation without your knowledge.
  • Pay particular attention to e-mails that contain attachments and/or hyperlinks, especially those from external or unknown sources.
  • Become familiar with your entity’s policies and procedures and recognize when someone is acting against them.

Where should I report an information security incident?

If you become aware that an incident has occurred, you must report it immediately to the appropriate areas listed below:

  • If the incident is computer or system related (e.g. computer virus, installation of unauthorized software, etc.), contact the Service Desk at  909-558-8008 or ext. 48889.
  • If the incident concerns unauthorized disclosure or use of ePHI, contact the Compliance Department at (909) 651-4200 or ext. 14200 or submit a report online via the Report of Concern form.
  • If you are unsure as to whom you should report an information security incident to, please contact the Compliance Department.

notification_important One Portal Maintenance
We’re cleaning up One Portal and removing outdated content to improve your experience. For more info or help, contact us.

We’re Stronger Together

We're building the future of clinical care and education to better serve our community.

Learn How