The Department of Health and Human Services’ Office for Civil Rights yesterday alerted health care organizations to postcards disguised as official OCR communications claiming to be notices of a mandatory HIPAA compliance risk assessment. 

The sender uses the title “Secretary of Compliance, HIPAA Compliance Division” and a Washington, D.C., return address, addresses the card to the organization’s HIPAA compliance officer, and prompts recipients to visit a URL, call or email to take immediate action on a HIPAA Risk Assessment. The link directs individuals to a non-governmental website marketing consulting services.

“HIPAA covered entities and business associates should alert their workforce members to this misleading communication,” OCR said. “This communication is from a private entity – it is NOT an HHS/OCR communication. Covered entities and business associates can verify that a communication is from OCR by looking for the OCR address or email address on any communication that purports to be from OCR. The addresses for OCR’s HQ and Regional Offices are available on the OCR website at https://www.hhs.gov/ocr/about-us/contact-us/index.html, and all OCR email addresses will end in @hhs.gov. If organizations have additional questions or concerns, please send an email to: OCRMail@hhs.gov. Suspected incidents of individuals posing as federal law enforcement should be reported to the Federal Bureau of Investigation.” 

Related News Articles

Headline
The Department of Health and Human Services Tuesday reminded health care providers that HIPAA privacy rules bar them from giving media and film crews access to…
Headline
Members of the Partnership to Amend 42 CFR Part 2, including the AHA, today urged the Department of Health and Human Services to issue a rule as soon as…
Headline
The Department of Health and Human Services’ Office for Civil Rights yesterday said it generally will not impose penalties for HIPAA rule violations on health…
Headline
The Department of Health and Human Services' Office for Civil Rights April 3 warned HIPAA-covered entities of an individual posing as an OCR investigator…
Headline
To support federal public health authorities and agencies in need of COVID-19-related data, the Health and Human Services Office for Civil Rights will not…
Headline
The Partnership to Amend 42 CFR Part 2, a coalition of nearly 50 health care organizations including the AHA, applauded Congress’ important step to …