A model letter for use by covered entities (including group health plans) subject to the Health Insurance Portability and Accountability Act of 1996 (HIPAA) to notify individuals of a breach involving unsecured protected health information (PHI). This Standard Document has integrated notes with important explanations and drafting tips.