Free HIPAA Breach Notification
Letter generator
Notify affected patients the way HIPAA requires. This generator builds a breach notification letter with the elements set out in the HIPAA Breach Notification Rule (45 CFR §164.404). Preview it as you type, then download it as an editable Word document or PDF. Everything runs locally in your browser, so no data leaves your device and no sign-up is needed.
Letter details
Your organization
Recipient
The breach
Response
Contact for questions
Signatory
HIPAA BREACH NOTIFICATION LETTER
[Date]
[Patient Name] [Patient Address]
Dear [Patient Name],
We are writing to notify you of a data security incident at [Your Organization Name] that may have involved some of your protected health information. We take the privacy and security of your information seriously, and we are providing this notice in accordance with the Health Insurance Portability and Accountability Act (HIPAA) Breach Notification Rule (45 CFR 164.404).
What Happened
On [date of discovery], [Your Organization Name] became aware of an incident that may have involved some of your protected health information.
What Information Was Involved
The protected health information that may have been involved includes your full name, and medical or clinical information such as diagnoses, treatment, or medical record numbers.
What You Can Do
As a precaution, we recommend that you review statements from your health plan and providers, along with any explanation of benefits, for services you do not recognize, and report anything unfamiliar right away. You may also request a free copy of your credit report and consider placing a fraud alert or a security freeze with the major credit bureaus.
What We Are Doing
We are investigating the incident, have taken steps to secure the information involved, and are reviewing our safeguards and procedures to help prevent something like this from happening again. Where appropriate, we have notified law enforcement and are cooperating with their review.
For More Information
If you have questions or would like more information, please contact [Contact Name] at [toll-free phone number].
We sincerely regret any inconvenience or concern this incident may cause you. Protecting your information is a responsibility we take seriously, and we remain committed to keeping it safe.
Sincerely,
[Name]
[Title], [Your Organization Name]
Generated by BlockSurvey
How the breach notification letter generator works
Fill in the details
Enter your organization, the affected patient, what happened, the information involved, and how people can reach you in a short guided form.
Review the live preview
Watch the letter assemble in real time, with the HIPAA-required elements written in plain language.
Download and send
Export a ready-to-send PDF or an editable Word file. Nothing you enter ever leaves your device.
Free, secure, and HIPAA-standard by default
A breach is stressful enough without a paywall or a form that ships patient details to someone else's server. Every letter this tool produces follows the notice requirements of 45 CFR §164.404:
100% in-browser
The letter is built on your device; nothing is uploaded.
No account required
No sign-up, no email wall, no tracking.
Free, real download
The complete letter as Word or PDF at no cost, not a watermarked sample.
What a HIPAA breach notification letter must include
Under 45 CFR §164.404(c), the notice to affected individuals must contain, in plain language:
- A brief description of what happened, including the date of the breach and the date it was discovered, if known.
- The types of unsecured protected health information involved (such as name, Social Security number, date of birth, diagnosis, or account number).
- The steps individuals should take to protect themselves from potential harm.
- What the covered entity is doing to investigate the breach, mitigate harm, and protect against further breaches.
- Contact procedures for questions, including a toll-free number, email address, website, or postal address.
Built For Every Healthcare Organization
When an incident happens, the clock starts. This tool helps you send a clear, compliant notice quickly, and it works alongside HIPAA-compliant survey software when you collect health data through forms.
Solo & small practices
Get compliant paperwork without a compliance team.
Multi-location groups
Standardize HIPAA documents across every site.
Digital health startups
Set up HIPAA foundations before you scale.
SaaS & tech vendors
Cover the PHI you touch for your healthcare customers.
Billing companies & MSOs
Handle records for the practices you support.
Nonprofits & community clinics
Stay compliant on a tight budget.
Collecting PHI through forms or surveys?
HIPAA-compliant survey software from BlockSurvey signs a BAA with you, so the tool you use to gather health data is covered too.