September 24, 2020

Volume X, Number 268

Fraudulent HIPAA Communications: An Alert from the Office for Civil Rights

Yesterday, the Department of Health and Human Services (“HHS”), Office for Civil Rights (“OCR”), sent an alert to its listservs regarding fraudulent communications that are being sent to health care organizations around the country. OCR states that it became “aware of postcards being sent to health care organizations disguised as official OCR communications, claiming to be notices of a mandatory HIPAA compliance risk assessment.” The postcards have a Washington, D.C., return address, and the imposter uses the non-existent title description of “Secretary of Compliance, HIPAA Compliance Division.” OCR further explains that these postcards are being addressed to HIPAA Privacy and Security Officers and indicate that recipients should visit a website link, call, or email to take immediate action on HIPAA requirements. Importantly, the website link directs individuals to a non-governmental website.

OCR provides the following example and states that “[t]he postcard below is not from HHS/OCR.”

Further, OCR indicates that HIPAA covered entities and business associates “should alert their workforce members to this misleading communication,” and that OCR would not send a communication without an address from OCR itself, or an email address from OCR including a suffix. The addresses for OCR’s Offices are available on the OCR website. Finally, OCR requests that any suspected incidents of individuals posing as federal law enforcement be reported to the Federal Bureau of Investigation (“FBI”).

© Polsinelli PC, Polsinelli LLP in California

National Law Review, Volume X, Number 223


About this Author

Iliana L. Peters, Healthcare, Privacy Lawyer, Polsinelli Law Firm

Iliana L. Peters believes good data privacy and security is fundamental to ensuring patients’ trust in the health care system, and to helping health care clients succeed in an ever-changing landscape of threats to data security. She is recognized by the health care industry as a preeminent thinker and speaker on data privacy and security, particularly with regard to HIPAA, the HITECH Act, the 21st Century Cures Act, the Genetic Information Nondiscrimination Act (GINA), the Privacy Act, and emerging cyber threats to health data.     

For over a decade, she both...