eForms Logo

HIPAA Incident Report Form | Sample

A HIPAA incident report documents a breach of a HIPAA violation. A HIPAA violation is essentially the disclosure of protected health information to anyone who is not authorized to receive that information. Under the Health Insurance Portability and Accountability Act, patients can expect their health information to be protected from unauthorized use.
PDF
Word
ODT

Updated September 30, 2024

4.8 Stars | 30 Ratings
Downloads: 637

Examples of reportable incidents:

  • Stolen/lost laptop
  • Stolen/lost smartphone
  • Stolen/lost USB device
  • Malware incident
  • Ransomware attack
  • Hacking
  • Office break-in
  • Social media post
  • Sending information to the wrong patient
  • Discussing PHI outside the office

HIPAA compliance requirements include privacy, security, enforcement, and breach notification. A violation can be written, oral, or sent via communication technology. Incident reports should be filed with the Office of Civil Rights at the U.S. Department of Health and Services.

Sample

HIPAA INCIDENT REPORT FORM

This report includes important details about an event that resulted in a breach of computer systems involving a malicious 3rd party. The information used in this report shall be used solely for recording purposes and to mitigate further attacks.

Date of Report: [DATE]

1. PERSON FILING THIS REPORT.

Full Name: [NAME] Title: [TITLE]

Phone: [PHONE NUMBER] E-Mail: [E-MAIL ADDRESS]

2. THE INCIDENT.

Date of incident: [DATE] Time: [TIME] AM PM

Describe the device(s) affected: [DESCRIBE]

Were the device(s) encrypted? Yes No

How was the incident detected? [DESCRIBE]

Describe the incident (in full): [DESCRIBE]

3. ATTACK VECTOR.

Do you know how the attack was made? Yes No

If yes, describe: [DESCRIBE]

4. PERSONAL HEALTH INFORMATION (PHI).

Do you know the identities of the Patients’ data that was involved? Yes No

If yes, how many records? [#]

Have the patients been contacted? Yes No

5. Containment.

Were any containment measures made? Yes No

If yes, describe: [DESCRIBE]

6. IMPACTED SERVICES.

Was anything permanently impacted by the incident? Yes No

If yes, describe: [DESCRIBE]

7. OTHER.

Is there any other information you would like to include? Yes No

If yes, describe: [DESCRIBE]

8. PERSON FILING REPORT.

Signature: ________________________ Date: _____________

Print Name: ________________________