eForms Logo

HIPAA Incident Report Form | Sample

Create a high-quality document now!

HIPAA Incident Report Form | Sample
PDF Word ODT
4.8 Stars | 14 Ratings
340 Downloads

Updated July 19, 2023

A HIPAA incident report is a report used to document a breach of a HIPAA violation. A HIPAA violation is essentially a disclosure of protected health information, whether intentional or unintentional, to anyone who is not authorized to receive that information. Under the Health Insurance Portability and Accountability Act of 1996, patients can assume their health information will be protected from unauthorized use.

HIPAA compliance requirements include privacy, security, enforcement, and breach notification. A violation can be written, oral, or sent via communication technology. Incident reports should be filed with the Office of Civil Rights at the U.S. Department of Health and Services.

Examples of reportable incidents:

  • Stolen/lost laptop
  • Stolen/lost smartphone
  • Stolen/lost USB device
  • Malware incident
  • Ransomware attack
  • Hacking
  • Office break-in
  • Social media post
  • Sending information to the wrong patient
  • Discussing PHI outside the office

Sample

HIPAA INCIDENT REPORT FORM

This report includes important details about an event that resulted in a breach of computer systems involving a malicious 3rd party. The information used in this report shall be used solely for recording purposes and to mitigate further attacks.

Date of Report: [DATE]

1. PERSON FILING THIS REPORT.

Full Name: [NAME] Title: [TITLE]

Phone: [PHONE NUMBER] E-Mail: [E-MAIL ADDRESS]

2. THE INCIDENT.

Date of incident: [DATE] Time: [TIME] AM PM

Describe the device(s) affected: [DESCRIBE]

Were the device(s) encrypted? Yes No

How was the incident detected? [DESCRIBE]

Describe the incident (in full): [DESCRIBE]

3. ATTACK VECTOR.

Do you know how the attack was made? Yes No

If yes, describe: [DESCRIBE]

4. PERSONAL HEALTH INFORMATION (PHI).

Do you know the identities of the Patients’ data that was involved? Yes No

If yes, how many records? [#]

Have the patients been contacted? Yes No

5. Containment.

Were any containment measures made? Yes No

If yes, describe: [DESCRIBE]

6. IMPACTED SERVICES.

Was anything permanently impacted by the incident? Yes No

If yes, describe: [DESCRIBE]

7. OTHER.

Is there any other information you would like to include? Yes No

If yes, describe: [DESCRIBE]

8. PERSON FILING REPORT.

Signature: ________________________ Date: _____________

Print Name: ________________________