The unauthorized acquisition, access, use or disclosure of Protected Health Information (PHI) or other sensitive personal information that compromises the security or privacy of such information and poses a significant risk of financial, reputational, or other harm to the individual. If information is disclosed and then retrieved from an unauthorized individual so that the unauthorized individual would not reasonably have been able to retain the information, such event will not be deemed a breach. For example, an employee hands a patient discharge papers belonging to another patient, but realizes the mistake and quickly recovers the PHI from the patient.