HIPAA Templates & Sample Letters
Covered entities must establish an agreement with each business associate (BA) that has access to PHI during their services. The Business Associate Agreement (BAA) ensures that the BA will safeguard PHI and comply with HIPAA. This is a sample BAA contract.
Here you'll find a range of templates for meeting Notice of Privacy Practices (NPP) requirements as a health plan or a health care provider in various formats, along with instructions and additional information helpful in personalizing the notice.
Other HIPAA Resources
Patient Consent for Purposes of TPO
HIPAA allows the use and disclosure of PHI for Treatment, Payment, and Healthcare Operations (TPO). But what exactly does that mean? And do you need to obtain consent for TPO use and disclosure?
Here is a quick-response checklist for covered entities and business associates who have just experienced a cyber attack or another cybersecurity incident.
Privacy and Security Breach Notification Letter
After a breach of unprotected protected health information (PHI), covered entities need to notify affected individuals in writing. Find additional guidance on breach notifications here.
Request for the Restriction of PHI
Under certain circumstances, covered entities must comply with an individual's request to restrict the disclosure of their PHI. Learn more about compliance with the restriction of PHI requests here.
HIPAA Designated Contacts Form
Under HIPAA right of access rules, an individual can authorize a covered entity to share PHI with a family member, but it must be done in writing. Learn more about designated contact authorization here.
Responsibility for Request for PHI Amendment
In an electronic health information exchange environment, responsibility for PHI amendment requests can be a bit more complicated. Learn more here.