TOOL: Model HIPAA Breach Notification Letter to Patient

Data security breaches involving patient records can occur despite your best efforts to prevent them.
If prevention fails, your lab needs to switch to incident response mode and take measures to control the privacy damage.
In some circumstances, that may include providing written notification to each individual patient affected by the breach.
Patient notification must be provided within 60 days of discovering the incident and meet the requirements of the HIPAA Breach Notification Rule. Here is a Model Patient Notification Letter listing the required information that you can adapt for
your own use. (Note that the bold-faced subheads are illustrative only and need not be included as part of the actual letter.)

This material is for informational purposes only and not for the purpose of providing legal advice. You should always contact your attorney to determine if this information, and your interpretation of it, is appropriate to your particular situation.


For step-by-step guidance on responding to HIPAA breaches, see GCA, January 2017


You have 8 articles left to view this month.

Your 8 Free Articles Per Month Goes Very Quickly!
Get a 3 month Premium Membership to
one of our G2 Newsletters for just $47!

Click on one of the Newsletters below to sign up now and get unlimited access to all articles, archives, and tools for that specific newsletter!

You need to have an account to access this content.

Please Login...

Email Address


or Register for free for a Limited Access account.

Email Address