The postcards have a Washington, D.C. return address, and the sender uses the title “Secretary of Compliance, HIPAA Compliance Division.” The postcard is addressed to the healthcare organization’s HIPAA compliance officer and prompts recipients to visit a URL, call, or email to take immediate action on a HIPAA Risk Assessment. The link directs individuals to a non-governmental website for marketing consulting services.
Covered entities and business associates can verify that a communication is from OCR by looking for the OCR address or email address on any communication that purports to be from OCR. The addresses for OCR’s HQ and Regional Offices are available on the OCR website at www.hhs.gov/ocr/about-us/contact-us/index, and all OCR email addresses will end in @hhs.gov. Suspected incidents of individuals posing as federal law enforcement should be reported to the Federal Bureau of Investigation.
If organizations have additional questions or concerns, please send an email to OCR.
If you have questions about this information or OSMA’s services to physicians, call 800-766-6762 or email OSMA.