Alert: Postcard Disguised as Official OCR Communication
August 6, 2020
OCR has been made aware of postcards being sent to health care organizations disguised as official OCR communications, claiming to be notices of a mandatory HIPAA compliance risk assessment. The postcards have a Washington, D.C. return address, and the sender uses the title "Secretary of Compliance, HIPAA Compliance Division." The postcard is addressed to the health care organization's HIPAA compliance officer and prompts recipients to visit a URL, call, or email to take immediate action on a HIPAA Risk Assessment. The link directs individuals to a non-governmental website marketing consulting services.
The postcard below is not from HHS/OCR.
HIPAA covered entities and business associates should alert their workforce members to this misleading communication. This communication is from a private entity – it is NOT an HHS/OCR communication. Covered entities and business associates can verify that a communication is from OCR by looking for the OCR address or email address on any communication that purports to be from OCR. The addresses for OCR's HQ and Regional Offices are available on the OCR website at https://link.zixcentral.com/u/2e07fc79/ZtZRohTY6hG10VTShnsoMg?u=https%3A%2F%2Fwww.hhs.gov%2Focr%2Fabout-us%2Fcontact-us%2Findex.html, and all OCR email addresses will end in @hhs.gov. If organizations have additional questions or concerns, please send an email to: OCRMail@hhs.gov.
Suspected incidents of individuals posing as federal law enforcement should be reported to the Federal Bureau of Investigation.
Thanks Carl! What will they come up with next?
Scot Lovejoy RPh. CHC CHPC
Chief Pharmacy Officer
9 Campus Drive, Suite 200
Parisippany, N.J. 07054
(O) 973-540-8400 x227
PTO Aug 17th – 28th
Confidentiality Notice: This e-mail is intended only for the person(s) to whom it is addressed and may contain information that is confidential, proprietary, privileged or otherwise protected from disclosure. If you are not an intended recipient, please (i) do not read, copy or use this communication, or disclose it to others, (ii) notify the sender immediately by replying to the message, and (iii) delete the e-mail from your system. Thank you.
No copyright infringement intended.