An employee at health facility D searched the facility's encrypted Electronic Health Record (EHR) for patient X's medical record using patient X's first and last names. The employee is a nurse in the pediatric department of health facility C. The patient is a geriatric patient and is not under the care of the nurse. The employee accessed patient X's entire medical history and disclosed the patient's medical history on social media. Health facility D is not a licensed facility.

Was there was a privacy breach?Is the breach reportable?If applicable, who should the breach should be reported to?

An employee at health facility E searched the facility's encrypted Electronic Health Record (EHR) for patient X's medical record using patient X's first and last names. After the Privacy Office conducted an audit trail of the employee's search, it was determined that the employee only accessed patient X's MRN and date of birth. Health facility E is a licensed facility.

Was there was a privacy breach?Is the breach reportable?If applicable, who should the breach should be reported to?