The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) is warning health care organizations about a false postcard disguised as an official OCR communication that notifies recipients of a mandatory HIPAA compliance risk assessment.
According to an official email alert sent from OCR, the fraudulent postcards have a Washington, D.C. return address with the sender listed as “Secretary of Compliance, HIPAA Compliance Division.” The postcards are addressed to the health care organization’s HIPAA compliance officer and prompt recipients to take immediate action by phoning, sending an email, or visiting a provided URL. The URL takes individuals to a non-governmental, marketing consulting services website.
Please be aware that this is NOT an HHS/OCR communication, and alert your staff members to this false and misleading communication. The OCR tells covered entities and business associates to “verify that a communication is from OCR by looking for the OCR address or email address on any communication that purports to be from OCR.”
The correct addresses for OCR’s HQ and Regional Offices are available on the OCR website. All OCR email addresses will end in @hhs.gov.
The OCR also states that “Suspected incidents of individuals posing as federal law enforcement should be reported to the Federal Bureau of Investigation.”
Questions or concerns may be addressed to the OCR by email at OCRMail@hhs.gov.
A copy of the fraudulent postcard:
About the Author: Wayne Wenske