We are sending this letter to you as part of [Provider]’s commitment to patient privacy. We take patient privacy very seriously, and it is important to us that you are made fully aware of a potential privacy issue. We have learned that your personal information, including name, address, ___________, ___________, and __________, may have been compromised. On [give date of discovery], it was discovered that [describe incident and give date of breach]. We reported the incident to the police because theft may have been involved [if applicable]. However, we have not received any indication that the information has been accessed or used by an unauthorized individual.
[Describe steps patient should take to protect themselves:]
We are keenly aware of how important your personal information is to you. If you choose, as a measure of added security, we are offering one year of credit monitoring and reporting services at no cost to you. This service is performed through [Vendor], an organization that watches for and reports to you unusual credit activity, such as creating new accounts in your name. [Vendor] will also request that the three credit bureaus place a “Fraud Alert” on your credit report. If you would like to receive this service, please respond yes by _______ or ________. We understand that this may pose an inconvenience to you. We sincerely apologize and regret that this situation has occurred. [Provider] is committed to providing quality care, including protecting your personal information, and we want to assure you that we have policies and procedures to protect your privacy.