Healthcare Administrators

Healthcare Compliance Incident Report Generator

Generate a structured compliance incident report for a healthcare regulatory event, policy violation, or potential breach. This prompt helps healthcare administrators document compliance incidents accurately, consistently, and in a format that supports root cause analysis, corrective action, and if necessary, regulatory notification.

This prompt helps healthcare compliance staff document a regulatory incident using incident type, dates, reporting party role, department, a factual description without PHI, and immediate actions taken as inputs — the prompt explicitly requires no patient-identifying information. It produces a structured incident report covering an objective summary, a timeline of events, a preliminary risk assessment, containment actions taken, a root cause analysis framework, notification requirements to review with counsel, corrective action recommendations, and documentation preservation requirements. It is used by Compliance Officers, Privacy Officers, and department managers at hospitals, physician practices, and health systems documenting billing irregularities, potential HIPAA events, or other regulatory compliance incidents.

Testedclaude-sonnet-4-6ValidatedMar 2026ScopeThis does not constitute medical advice. Follow HIPAA guidel…TierProfessional
AI Role
You are a senior healthcare administrator with expertise in compliance incident …
Models
Claude
Confidence
Professional
Constraints
This does not constitute medical advice. Follow HIPAA guidelines. Recommend consulting qualified healthcare professionals.
Never include actual patient Protected Health Information (PHI) in prompts or outputs.
Notification decisions for HIPAA breaches, Medicare fraud referrals, and other regulatory reports must be made by legal counsel and the Compliance Officer — not by administrative staff alone.
Incident reports are legal documents — maintain accuracy and completeness. Do not speculate about causation until the root cause analysis is complete.
Tested Models
claude-sonnet-4-6
Uncertainty
If the incident type is unclear or the severity is uncertain, document what is known, identify the information gaps that must be investigated, and flag the incident as requiring immediate Compliance Officer review before any reporting decisions are made.
Scope
PHI-free admin only — use a BAA-compliant AI (e.g. BastionGPT or Azure OpenAI) for PHI.
Last updated
2026-05-28Published

The prompt

2,069 characters
incident-report-generator.prompt
You are a senior healthcare administrator with expertise in compliance incident management, root cause analysis, and regulatory notification processes.

Generate an incident report for the following compliance event:

Incident context (no PHI):
- Incident type: [INCIDENT_TYPE — e.g., potential HIPAA breach, billing irregularity, controlled substance discrepancy, workplace injury, patient complaint]
- Date incident occurred (or discovered): [DATE]
- Date reported: [REPORT_DATE]
- Reporting party: [REPORTING_PARTY_ROLE]
- Department/location: [DEPARTMENT]
- Incident description: [DESCRIBE_INCIDENT without PHI]

Initial assessment:
- Potential regulatory implications: [IMPLICATIONS — e.g., potential OCR reportable breach, CMS CoP concern, OSHA reporting]
- Initial severity assessment: [HIGH / MEDIUM / LOW]
- Immediate actions taken: [IMMEDIATE_ACTIONS]

Generate an incident report covering:

## Incident Summary
Objective, factual summary of the incident — what happened, when, where, and who was involved (by role, not name).

## Timeline of Events
Chronological reconstruction of the incident, from initial occurrence through discovery and reporting.

## Initial Risk Assessment
Preliminary assessment of the type and severity of the incident — regulatory implications, patient safety risk, financial risk.

## Immediate Containment Actions
Actions taken immediately upon discovery to prevent further harm or escalation.

## Root Cause Analysis Framework
Structured root cause analysis approach for this incident type: contributing factors, system failures, individual factors, and process gaps.

## Notification Requirements
Based on the incident type, what internal and external notifications may be required, to whom, and by when — note that specific notification decisions require legal and compliance review.

## Corrective Action Recommendations
Preliminary corrective action recommendations — process changes, training, technology, or policy updates.

## Documentation Requirements
All records that must be preserved in connection with this incident.
WAITLIST

Runner beta coming — join the waitlist.

In-product execution isn't live yet. Leave your email and we'll let you know if the Runner beta opens.

How to use this prompt

1

1. Initiate the incident report as soon as possible after discovery — accurate timelines are essential for HIPAA breach risk assessments and regulatory responses.

2

2. Route the completed incident report to the Compliance Officer and legal counsel immediately — they will determine notification obligations and manage the regulatory response.

3

3. Preserve all relevant records (access logs, email, system records) immediately — evidence can be inadvertently overwritten if not preserved promptly.

Customization tips

Add 'This incident involves a potential HIPAA breach — structure the report to support the four-factor breach risk assessment that determines reportability.'
For billing incidents, add 'Note that voluntary self-disclosure to the OIG may be appropriate for significant billing irregularities — this should be evaluated by legal counsel.'
Append 'Include a lessons-learned section after root cause analysis is complete — this section supports staff training and systemic improvement.'

Sample output

Mar 2026Professional
Healthcare Incident Report — Internal Documentation Form IMPORTANT: This document is prepared for quality improvement purposes and may be protected from discovery under quality assurance privilege. Do not share externally without authorization from the compliance officer or legal counsel. INCIDENT INFORMATION: Date of Incident: [Date] Time of Incident: [Time] Location: [Specific unit/room/area] Incident Category: [ ] Patient fall [ ] Medication event [ ] Equipment [ ] Patient behavior [ ] Staff injury [ ] Other: ______ INDIVIDUALS INVOLVED: Patient/Resident (if applicable): [First name, Last initial only] — Medical Record #: [ID] Staff Member(s) Directly Involved: [Name, Title, Department] Witness(es): [Name(s), Role(s)] FACTUAL DESCRIPTION OF INCIDENT: (Describe ONLY what was directly observed or occurred — do not include opinions, speculation, or conclusions) [Document in objective, factual terms: what happened, in what sequence, who was present, what actions were taken immediately] IMMEDIATE ACTIONS TAKEN: [ ] Patient/resident assessed for injury [ ] Treating provider notified — Time notified: _______ [ ] Family/responsible party notified (if applicable) — Time: _______ [ ] Supervisor notified — Time: _______ [ ] Patient/resident condition documented in clinical record INJURY STATUS: [ ] No apparent injury identified at time of assessment [ ] Injury identified — description: _______ [ ] Injury severity: [ ] Minor [ ] Moderate [ ] Major [ ] Unknown at this time CONTRIBUTING FACTORS (check all identified): [ ] Environmental (floor condition, lighting, equipment placement) [ ] Communication gap (handoff, language, documentation) [ ] Staffing/workflow [ ] Patient/resident condition change [ ] Equipment malfunction [ ] Other: _______ PREVENTION RECOMMENDATIONS: (What change in process, environment, or practice could reduce recurrence?) [Insert specific, actionable recommendations] Report completed by: _______ Title: _______ Date: _______ Supervisor review: _______ Date: _______

Related prompts

Frequently asked questions

Read the Healthcare Administrators AI Guide
Professional Disclaimer

This AI-generated content is for informational and educational purposes only. It does not constitute medical or legal advice. Always follow HIPAA guidelines and consult qualified healthcare professionals for specific clinical or regulatory matters.