PHI Breach Notification Policy
(Hospitals and Health Systems)

Summary

This template provides a form policy and procedure document setting forth the protocols to be followed by a healthcare organization when determining whether a breach of protected health information (PHI) has occurred and, if so, the notices required to be given under the Health Insurance Portability and Accountability Act (HIPAA). This template includes practical guidance and drafting notes. For a full listing of resources addressing key health information privacy and security issues, see Health Information Privacy and Security Resource Kit. For checklists on determining breaches of PHI and providing required notices, see Determining HIPAA-Reportable PHI Breaches Visual Checklist and Providing HIPAA-Required Notice after PHI Breach Visual Checklist. To compare state laws on Data Breach Notification, see the Healthcare State Law Comparison Tool.