Employee incident reporting | Accountable Docs

Employee incident reporting

How employees can report a suspected incident from their profile for admin review.

If something may have exposed PHI or created a security risk, report it promptly from your employee profile. You do not need to know whether it is a breach before you submit the report.

Report suspected incidents promptly

If you are unsure whether something counts as an incident, report it anyway. Your organization's admins or compliance team will review the details, investigate, and decide what response is required.

When to report

Report anything that may involve unauthorized access, use, disclosure, loss, or compromise of PHI or systems that handle PHI.

  • A lost or stolen laptop, phone, tablet, badge, or other work device
  • PHI emailed, faxed, mailed, or messaged to the wrong person
  • Clicking a suspicious link or entering credentials on a phishing page
  • A malware, ransomware, antivirus, or endpoint security alert
  • Suspected unauthorized access to PHI or disclosure of PHI

Report from your employee profile

  1. Sign in to Accountable

    Use your normal Accountable sign-in link for your organization.

  2. Open your employee dashboard or profile

    Go to the employee dashboard or your employee profile, wherever your organization has placed the incident reporting prompt.

  3. Start the report

    Click Report an Incident or the incident reporting prompt to open the form.

  4. Describe what happened

    Include what happened, when it happened or was discovered, who or what was involved, and whether PHI may have been involved.

  5. Attach evidence if available

    Add relevant screenshots, emails, alerts, documents, or other files if you have them. Do not delay submission if you do not have evidence ready.

  6. Submit the report

    After submission, the report is sent to your organization's admins or compliance team for review.

What to include

  • A plain-language summary of what happened
  • The date and time you noticed it, plus the date and time it may have occurred if different
  • People, patients, vendors, systems, devices, or records that may be involved
  • Whether PHI may have been accessed, viewed, sent, lost, or disclosed
  • Any immediate steps already taken, such as disconnecting a device, recalling an email, or notifying a supervisor
  • Evidence you can safely provide, such as screenshots, suspicious emails, system alerts, or related files

What happens next

Submitting a report does not mean a breach has been confirmed. It creates a record so your organization can respond quickly and document the outcome.

After you submit, your organization's admins or compliance team handle the follow-up. They review the report, investigate the facts, run the response plan, determine whether the incident is a reportable breach, and document the final resolution in Accountable.

Admins manage the investigation

Employees provide the facts as soon as possible. Admins are responsible for the investigation, response plan, breach determination, and documentation after the report is submitted.

Admin incident reporting

How admins document, manage, and resolve incidents inside Accountable.
Last updated May 12, 2026
Was this helpful?