HIPAA Templates & Sample Letters

  • Business Associate Agreement
    Covered entities must establish an agreement with each business associate (BA) that has access to PHI while providing services to them. The Business Associate Agreement (BAA) ensures that the BA will safeguard PHI and comply with HIPAA. This is a sample BAA contract.
  • HIPAA Privacy Policy for Clients Template
    Here you'll find a range of templates for meeting Notice of Privacy Practices (NPP) requirements as a health plan or a health care provider in various formats, along with instructions and additional information helpful in personalizing the notice.

Other HIPAA Resources

  • Patient Consent for Purposes of TPO
    HIPAA allows the use and disclosure of PHI for Treatment, Payment, and Healthcare Operations (TPO). But what exactly does that mean? And do you need to obtain consent for TPO use and disclosure?
  • HIPAA Security Checklist
    Here is a quick-response checklist for covered entities and business associates who have just experienced a cyberattack or another cybersecurity incident.
  • Privacy and Security Breach Notification Letter
    After a breach of unsecured protected health information (PHI), covered entities need to notify affected individuals in writing. Find additional guidance on breach notifications here.
  • Request for the Restriction of PHI
    Under certain circumstances, covered entities must comply with an individual's request to restrict the disclosure of their PHI. Learn more about compliance with the restriction of PHI requests here.
  • HIPAA Designated Contacts For
    Under HIPAA right of access rules, an individual can authorize a covered entity to share PHI with a family member, but it must be done in writing. Learn more about designated contact authorization here.
  • Responsibility for Request for PHI Amendment
    In an electronic health information exchange environment, responsibility for PHI amendment requests can be a bit more complicated. Learn more here.