Skip Navigation

Notice to the Secretary of HHS of Breach of Unsecured
Protected Health Information

Breach Affecting*
Report Type*

Section 1 - Covered Entity


Section 2 - Business Associate
Complete this section if breach occurred at or by a Business Associate


Section 3 - Breach





Please select the type of breach. If type breach is "Other", please describe the type of breach in the field below.
Improper Disposal
Unauthorized Access/Disclosure
Hacking/IT Incident

Please select the location of the information at the time of the breach. If breach type is "Other", please describe the location of the information in more detail in the Description section below.

Please include the location of the breach, a description of how the breach occurred, and any additional information regarding the type of breach, type of media, and type of protected health information involved in the breach.

Please indicate what protective measures were in place prior to the breach

Section 4 - Notice of Breach and Actions Taken


Yes No
Yes No

Please select the actions taken to respond to the breach. If selecting the "Other" category, please describe the actions taken in the section below.

Please describe in detail any actions taken following the breach in addition to those
selected above.

Section 5 - Attestation

Under the Freedom of Information Act (5 U.S.C. §552) and HHS regulations at 45 C.F.R. Part 5, OCR may be required to release information provided in your breach notification. For breaches affecting more than 500 individuals, some of the information provided on this form will be made publicly available by posting on the HHS web site pursuant to § 13402(e)(4) of the Health Information Technology for Economic and Clinical Health (HITECH) Act (Pub. L. 111-5). Additionally, OCR will use this information, pursuant to § 13402(i) of the HITECH Act, to provide an annual report to Congress regarding the number and nature of breaches that are reported each year and the actions taken to respond to such breaches. OCR will make every effort, as permitted by law, to protect information that identifies individuals or that, if released, could constitute a clearly unwarranted invasion of personal privacy.

I attest, to the best of my knowledge, that the above information is accurate.

Typing your name represents your signature


* indicates required field