OCR warns of fraudulent postcard disguised as official OCR communication

August 6, 2020 Wayne Wenske

The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) is warning health care organizations about a false postcard disguised as an official OCR communication that notifies recipients of a mandatory HIPAA compliance risk assessment.
According to an official email alert sent from OCR, the fraudulent postcards have a Washington, D.C. return address with the sender listed as “Secretary of Compliance, HIPAA Compliance Division.” These postcards are addressed to the health care organization’s HIPAA compliance officer and prompts recipients to take immediate action by phoning, sending an email, or visiting a provided URL online. The URL takes individuals to a non-governmental, marketing consulting services website.
Please be aware that this is NOT an HHS/OCR communication, and alert your staff members to this false and misleading communication. The OCR tells covered entities and business associates to “verify that a communication is from OCR by looking for the OCR address or email address on any communication that purports to be from OCR.”
The correct addresses for OCR’s HQ and Regional Offices are available on the OCR website. All OCR email addresses will end in @hhs.gov.
The OCR also states that, “Suspected incidents of individuals posing as federal law enforcement should be reported to the Federal Bureau of Investigation.”

Questions or concerns may be addressed to the OCR by email at OCRMail@hhs.gov.

A copy of the fraudulent postcard:

About the Author

Wayne Wenske is Senior Marketing Coordinator at Texas Medical Liability Trust. He can be reached at wayne-wenske@tmlt.org.

More Content by Wayne Wenske
Previous Article
Remote patient monitoring — Risk management considerations
Remote patient monitoring — Risk management considerations

Factors to onsider when using remote patient monitoring.

Next Article
Cyber criminal pretends to be OCR investigator to obtain PHI
Cyber criminal pretends to be OCR investigator to obtain PHI

The OCR is warning about an increase in malicious behavior by cyber criminals seeking access to protected h...

Podcast: Tech, Telemedicine, Tomorrow