The Office for Civil Rights (OCR) has issued an alert regarding postcards being sent to health care organizations disguised as official OCR communications, claiming to be notices of a mandatory HIPAA compliance risk assessment. The postcards have a Washington, D.C. return address, and the sender uses the title “Secretary of Compliance, HIPAA Compliance Division.” The postcard is addressed to the health care organization’s HIPAA compliance officer and prompts recipients to visit a URL, call, or email to take immediate action on a HIPAA Risk Assessment. The link directs individuals to a non-governmental website marketing consulting services.
The OCR urges HIPAA covered entities and business associates to alert their workforce members to this misleading communication. The communication is from a private entity – it is NOT an HHS/OCR communication. Covered entities and business associates can verify that a communication is from OCR by looking for the OCR address or email address on any communication that purports to be from OCR. The addresses for OCR’s HQ and Regional Offices are available on the OCR website at: https://www.hhs.gov/ocr/about-us/contact-us/index.html
All OCR email addresses will end in @hhs.gov. If your organization has questions or concerns, you may send an email to: OCRMail@hhs.gov.
Suspected incidents of individuals posing as federal law enforcement should be reported to the Federal Bureau of Investigation.
Eagle Associates, Inc.
Your service with us includes Live Support, which means our Consultants are available to answer unlimited questions at no additional cost. Please contact us by email (email@example.com) or phone (800-777-2337).