Fraudulent HIPAA Communications: An Alert from the Office for Civil Rights
The National Law Review
Yesterday, the Department of Health and Human Services (“HHS”), Office for Civil Rights (“OCR”), sent an alert to its listservs regarding fraudulent communications that are being sent to health care organizations around the country. OCR states that it became “aware of postcards being sent to health care organizations disguised as official OCR communications, claiming to be notices of a mandatory HIPAA compliance risk assessment.” The postcards have a Washington, D.C., return address, and the imposter uses the non-existent title description of “Secretary of Compliance, HIPAA Compliance Division.” OCR further explains that these postcards are being addressed to HIPAA Privacy and Security Officers and indicates that recipients should visit a website link, call or email to take immediate action on HIPAA requirements. Importantly, the website link directs individuals to a non-governmental website.
OCR provides the following example and states that...