Skip Navigation

Notice to the Secretary of HHS of Breach of Unsecured
Protected Health Information

Breach Affecting*
Report Type*

Section 1 - Covered Entity


XXX-XXX-XXXX

Section 2 - Business Associate
Complete this section if breach occurred at or by a Business Associate


XXX-XXX-XXXX

Section 3 - Breach


MM/DD/YYYY

MM/DD/YYYY

MM/DD/YYYY

MM/DD/YYYY

Please select the type of breach. If type breach is "Other", please describe the type of breach in the field below.
Theft
Loss
Improper Disposal
Unauthorized Access/Disclosure
Hacking/IT Incident
Unknown
Other

Please select the location of the information at the time of the breach. If breach type is "Other", please describe the location of the information in more detail in the Description section below.

Please include the location of the breach, a description of how the breach occurred, and any additional information regarding the type of breach, type of media, and type of protected health information involved in the breach.

Please indicate what protective measures were in place prior to the breach

Section 4 - Notice of Breach and Actions Taken


MM/DD/YYYY

MM/DD/YYYY
Yes No
Yes No

Please select the actions taken to respond to the breach. If selecting the "Other" category, please describe the actions taken in the section below.

Please describe in detail any actions taken following the breach in addition to those
selected above.

Section 5 - Attestation

Under the Freedom of Information Act (5 U.S.C. §552) and HHS regulations at 45 C.F.R. Part 5, OCR may be required to release information provided in your breach notification. For breaches affecting more than 500 individuals, some of the information provided on this form will be made publicly available by posting on the HHS web site pursuant to § 13402(e)(4) of the Health Information Technology for Economic and Clinical Health (HITECH) Act (Pub. L. 111-5). Additionally, OCR will use this information, pursuant to § 13402(i) of the HITECH Act, to provide an annual report to Congress regarding the number and nature of breaches that are reported each year and the actions taken to respond to such breaches. OCR will make every effort, as permitted by law, to protect information that identifies individuals or that, if released, could constitute a clearly unwarranted invasion of personal privacy.

I attest, to the best of my knowledge, that the above information is accurate.


Typing your name represents your signature

MM/DD/YYYY

* indicates required field