Indiana Policyholders: Notice to policyholders recently affected by severe weather. 

Dentist or doctor checking his mail looks confused about a communication he has received.

Postcard Scam Disguised As OCR Communication

On April 26, 2021, the OCR (Office of Civil Rights) issued an alert to healthcare providers of a potential scam circulating via postcard. Here's what you need to know.

Posted in Risk Management on Thursday, April 29, 2021

This most recent scam is in the in form of a postcard which is disguised as an office OCR communication advising them they are required to complete a Security Risk Assessment and directing them to a particular website. 

This website does not actually belong to the OCR or Department of Health and Human Services (HHS), but a marketing consulting website. To make it more confusing and possibly make you question the authenticity, the website does have an “.org” extension. Fortunately, the site has since been taken down; however, the postcards could still be circulating in the mail.

Important to Know:

  • Any correspondence from the OCR will have the extension of @hhs.gov. 
  • If you receive official-looking inquiries, ask for a verifying email from the OCR investigator’s hhs.gov email address. 
  • You can also find all the OCR offices on their official website.

Remember and Reinforce

A similar scam was run last summer. In that attempt, the notices were regarding a mandatory HIPAA Compliance Risk Assessment and even had a Washington D.C. return address and the title of the Secretary of Compliance, HIPAA Compliance Division. This isn’t the first and probably won’t be the last time we receive alerts of these types of HIPAA scams, so always remember:

  • Do not use links or phone numbers on postcards

  • Verify information by visiting the HHS/OCR website (not the one on the postcard)

You can find more information and guidance about the HHS/OCR Security Risk analysis as well as a tool from the U.S. Department of Health & Human Services

 Reference: ADA

Resources by Profession

Knowledge to keep you sharp

The articles, videos, webinars, tools and resources you need to do your job.

A Sympathetic History and the Importance of Contracts A Sympathetic History and the Importance of Contracts Article | Risk Management Robert McNeal was long overdue due for dental work when he visited Dr. Daymond Knight. After three years of treatment, Robert sued. Find out why he to... Helpful Tips for Clear Patient Communication Helpful Tips for Clear Patient Communication Article | Risk Management Using clear communication can help your patients to better understand health information. Texting a Link to Update Medical and Office Information Texting a Link to Update Medical and Office Information Article | Risk Management How do patients perceive your attempts to secure updated information? There might be some areas to consider. Requests for Records: Six Things You Need to Get Right Requests for Records: Six Things You Need to Get Right Article | Risk Management Requests for records or forwarding records for referrals can open a can of worms. It is important that everything goes “right.”

Read more articles

This website uses first party and third party cookies to improve your experience and anonymously track site visits. By visiting this website, you opt-in to the use of cookies. OK