Notification to Patients Affected by Privacy Breach

This document can be used in the event that you need to notify patients affected by a privacy breach as mandated by the Health Information Act (HIA). Please note that this is being provided as a sample only and will need to be updated to suit your clinic's needs and the unique circumstances of the privacy breach.

Instructions for use

These instructions are meant to assist you with making this document your own and fulfilling your obligations under the HIA.

  • Add your clinic logo or letterhead at the top of the page.
  • Follow the recommendations in yellow highlight and remove all highlighting when you are done editing the letter.
  • The first paragraph provides the patient with information about the breach that occurred. Please amend this to match the specific situation, but do not include any information that could further expand the breach, such as the detailed data that was compromised. Use the general examples provided as a guide to ensure that you provide all of the required information.
  • The third paragraph acknowledges the potential harm caused to the patient and provides an opportunity for an apology. It also requests that you provide an assessment of the level of harm that was caused and why you deemed it as such.
  • The fourth paragraph provides you with an opportunity to comment on the mitigation steps the clinic took to prevent further breaches and reflect on lessons learned.
  • Please enter the contact information for the person who is tasked with following up with the patient, likely the lead custodian or clinic privacy officer.
