Information Services > Security > News & Updates > HHS OCR Warning - 05/01/21
May 1, 2021 /
Posted in: Security Announcements /
The HHS Office for Civil Rights (OCR) has issued an alert on postcards being sent to some health care organizations disguised as official OCR communications. The postcards claim to be a notice of mandatory HIPAA compliance risk assessment. The postcards prompt the recipient to visit a URL, call or email to take immediate action on a HIPAA Risk Assessment. The link directs individuals to a non-govenmental web site marketing consulting services. Do not respond to this request.
Here is the message received from OCR:
Alert: Postcard Disguised as Official OCR Communication
OCR has been made aware of postcards being sent to health care organizations informing the recipients that they are required to participate in a “Required Security Risk Assessment" and they are directed to send their risk assessment to www.hsaudit.org. The link directs individuals to a non-governmental website marketing consulting services.
Please be advised that this postcard notification did not come from OCR or the U.S. Department of Health and Human Services. This communication is from a private entity – it is NOT an HHS/OCR communication. HIPAA covered entities and business associates should alert their workforce members to this misleading communication. Covered entities and business associates can verify that a communication is from OCR by looking for the OCR address or email address, which will end in @hhs.gov, on any communication that purports to be from OCR, and asking for a confirming email from the OCR investigator's hhs.gov email address. The addresses for OCR's HQ and Regional Offices are available on the OCR website at https://www.hhs.gov/ocr/about-us/contact-us/index.html, and all OCR email addresses will end in @hhs.gov. If organizations have additional questions or concerns, please send an email to: OCRMail@hhs.gov.
Suspected incidents of individuals posing as federal law enforcement should be reported to the Federal Bureau of Investigation.