11.0 Data and Security Breach Reporting

Provider Responsibility

Providers are responsible for protecting Personal Information collected from or about Members and must comply with Applicable Laws.

Reporting Requirements

If you become aware of any actual or potential theft, loss or unauthorized access to, use, disclosure or destruction of Personal Information or confidential information, you must notify Pacific Blue Cross immediately (within 72 hours) and provide Pacific Blue Cross with all relevant information regarding the incident until Pacific Blue Cross confirms the incident has been remedied.

You must also notify Pacific Blue Cross immediately of any unauthorized use of Provider ID access credentials, and any other computer security breach. 

Identify Breach
Recognize actual or potential security incident
Notify Immediately
Contact Pacific Blue Cross as soon as possible within 72 hours
Provide Details
Share all relevant information about the incident
Confirm Resolution
Continue until Pacific Blue Cross confirms remediation

Types of Security Incidents to Report (Actual or Potential)


Data Breaches
  • Theft or loss
  • Unauthorized access
  • Unauthorized use or disclosure
  • Unauthorized destruction

of Personal Information about Members or confidential information about Pacific Blue Cross.


Account Security
  • Unauthorized use of Provider ID access credentials
  • Unauthorized access to PROVIDERnet
  • Compromised login information
  • Suspected account takeover

System Security
  • Computer security breaches
  • Malware or ransomware attacks
  • System vulnerabilities

Contact Information for Security Incidents

Local (Within Metro Vancouver): 604-419-2000
Toll-Free: 1-877-PAC-BLUE