HIPAA Incident Report Template

Create Document

HIPAA Incident Report Template

A HIPAA incident report is completed when a patient’s protected health information (PHI) is compromised by a healthcare provider. The form asks for the persons involved, the date and time of the incident, the type of information that was compromised, how the violation occurred, and what steps were taken to deal with it.

Create Document
PDF
Word
ODT

Last updated August 13th, 2025

Document Preview

A HIPAA incident report is completed when a patient’s protected health information (PHI) is compromised by a healthcare provider. The form asks for the persons involved, the date and time of the incident, the type of information that was compromised, how the violation occurred, and what steps were taken to deal with it.

Downloads: 2
  1. Home »
  2. Incident Report »
  3. HIPAA

Breach Notification

The Health Insurance Portability and Accountability Act (HIPAA) guarantees the privacy and security of patients’ information.

When a PHI breach occurs, HIPAA-covered entities and their business associates are required to notify all affected individuals and the HHS Secretary (online form).

  • For violations affecting 500+ individuals – The Secretary must be notified immediately (no later than 60 days after the breach’s discovery).
  • For violations affecting fewer than 500 individuals – Covered entities must notify the Secretary within 60 days from the end of the calendar year of the violation.

HIPAA Violations

Sample

Download: PDF, MS Word, ODT

HIPAA INCIDENT REPORT FORM
INDIVIDUAL FILING REPORT

Full Name: [FULL NAME] Title/Role: [TITLE/ROLE]
Signature:  Date: [MM/DD/YYYY]

INCIDENT DETAILS
Date of Discovery: [DATE OF DISCOVERY]      Time: [TIME] AM PM

Actual Date of Incident: [DATE OF INCIDENT]

How was the incident discovered? [DESCRIBE DISCOVERY OF INCIDENT]

Describe the Incident: [DESCRIBE THE INCIDENT]

VIOLATOR INFORMATION

Violator Name (if known): [FULL NAME] Title/Role: [TITLE/ROLE]

Was the violation intentional? Yes No

Number of Prior Violations: [#]

PERSONAL HEALTH INFORMATION (PHI)

Do you know the identities of the Patients’ data that was involved? Yes No

If yes, how many records? [#]

Have the patients been contacted? Yes No

CONTAINMENT
Were any containment measures made? Yes No

If yes, describe: [DESCRIBE CONTAINMENT MEASURES]

IMPACTED SERVICES
Were any services permanently impacted? Yes No

If yes, describe: [DESCRIBE IMPACTED SERVICES]

ADDITIONAL INFORMATION

Is there any other information that should be provided? Yes No

If yes, describe: [DESCRIBE ADDITIONAL INFORMATION]