OCR alerts health care organizations to fraudulent mailing

Aug 07, 2020 - 02:41 PM
hhs-health-and-human-services-seal

The Department of Health and Human Services’ Office for Civil Rights yesterday alerted health care organizations to postcards disguised as official OCR communications claiming to be notices of a mandatory HIPAA compliance risk assessment. 

The sender uses the title “Secretary of Compliance, HIPAA Compliance Division” and a Washington, D.C., return address, addresses the card to the organization’s HIPAA compliance officer, and prompts recipients to visit a URL, call or email to take immediate action on a HIPAA Risk Assessment. The link directs individuals to a non-governmental website marketing consulting services.

“HIPAA covered entities and business associates should alert their workforce members to this misleading communication,” OCR said. “This communication is from a private entity – it is NOT an HHS/OCR communication. Covered entities and business associates can verify that a communication is from OCR by looking for the OCR address or email address on any communication that purports to be from OCR. The addresses for OCR’s HQ and Regional Offices are available on the OCR website at https://www.hhs.gov/ocr/about-us/contact-us/index.html, and all OCR email addresses will end in @hhs.gov. If organizations have additional questions or concerns, please send an email to: OCRMail@hhs.gov. Suspected incidents of individuals posing as federal law enforcement should be reported to the Federal Bureau of Investigation.” 

Related News Articles

Headline
HHS will not appeal AHA court victory in online tracking case
The U.S. Department of Health and Human Services will not appeal its loss in American Hospital Association v. Becerra. The AHA, joined by the Texas Hospital…
News
Judge rules in favor of AHA vacating HHS online tracking ‘bulletin’ as unlawful and beyond agency authority
A United States District Court Judge in Texas today ruled in favor of the AHA, Texas Hospital Association, and hospital plaintiffs, agreeing that Department of…
Headline
OCR finalizes rule prohibiting certain reproductive health care disclosures
The Department of Health & Human Services’ Office for Civil Rights April 22 released a final rule prohibiting entities regulated by the HIPAA Privacy Rule…
Headline
Cassidy proposes ways to strengthen health data privacy
Senate Health, Education, Labor & Pensions Committee Ranking Member Bill Cassidy, R-La., Feb. 21 released a report proposing ways to modernize the existing…
Headline
NIST updates HIPAA cybersecurity resource guide 
The National Institute of Standards and Technology this week released updated guidance to help HIPAA-covered entities and business associates assess and manage…
Headline
OCR releases telehealth privacy and security resources for providers, patients
The Department of Health and Human Services’ Office for Civil Rights Oct. 18 released a resource for health care providers who choose to educate patients about…