HIPAA Breach Notification Letter – Template


Need to communicate a breach incident to impacted parties? Use this template as a guide to make sure your patients have the information they need.

Notify your patients of a breach

When healthcare organizations discover a breach of unsecured protected health information, they are required by HIPAA and HITECH to notify affected individuals. While there are some exceptions to this rule, for the most part, covered entities must provide an individual notice in written form by first-class mail, or alternatively, by e-mail if the affected individual has agreed to receive such notifications electronically. In this notice, the organization must inform the involved parties of specific information, including the nature of the breach, and how to protect their information moving forward.

ComplyAssistant’s HIPAA Breach Notification Letter Template* was created in partnership with our legal partner, Oscislawski LLC, to provide a starting point for healthcare organizations that need to notify any impacted parties of a breach.

Whether you need to create a breach notification from scratch, or just update the one you have, our template is an attorney-vetted, comprehensive letter that is easy to modify for your organization.

In this letter template, you’ll find:

  • Easy-to-modify language explaining the nature of the breach
  • Steps an affected party can take to monitor their credit reports
  • Optional information if the organizations choose to provide credit monitoring

Using our free tools, like this HIPAA breach notification letter template, is only part of the equation. Are you properly capturing incident information? With ComplyAssistant’s healthcare compliance software, our Incident Management feature allows you to thoroughly document incident information to ensure your organization follows a standard process each time.

In addition, our Omnibus Breach Notification Workflow provides you with key assessment questions and guidance to determine if an incident that occurred at your organization is a HIPAA-HITECH Omnibus breach and if the breach is reportable. If the breach is reportable, use this HIPAA breach notification letter template to communicate with affected parties.

Want more on HIPAA compliance? Check out these resources:

*This HIPAA breach notification letter template does not provide legal advice to recipient organizations, nor is ComplyAssistant responsible for any legal consequences related to the use of this template. ComplyAssistant recommends the final version of this document be reviewed by appropriate legal counsel before being distributed.