Indiana Policyholders: Notice to policyholders recently affected by severe weather. 

Dentist or doctor checking his mail looks confused about a communication he has received.

Postcard Scam Disguised As OCR Communication

On April 26, 2021, the OCR (Office of Civil Rights) issued an alert to healthcare providers of a potential scam circulating via postcard. Here's what you need to know.

This most recent scam is in the in form of a postcard which is disguised as an office OCR communication advising them they are required to complete a Security Risk Assessment and directing them to a particular website. 

This website does not actually belong to the OCR or Department of Health and Human Services (HHS), but a marketing consulting website. To make it more confusing and possibly make you question the authenticity, the website does have an “.org” extension. Fortunately, the site has since been taken down; however, the postcards could still be circulating in the mail.

Important to Know:

  • Any correspondence from the OCR will have the extension of 
  • If you receive official-looking inquiries, ask for a verifying email from the OCR investigator’s email address. 
  • You can also find all the OCR offices on their official website.

Remember and Reinforce

A similar scam was run last summer. In that attempt, the notices were regarding a mandatory HIPAA Compliance Risk Assessment and even had a Washington D.C. return address and the title of the Secretary of Compliance, HIPAA Compliance Division. This isn’t the first and probably won’t be the last time we receive alerts of these types of HIPAA scams, so always remember:

  • Do not use links or phone numbers on postcards

  • Verify information by visiting the HHS/OCR website (not the one on the postcard)

You can find more information and guidance about the HHS/OCR Security Risk analysis as well as a tool from the U.S. Department of Health & Human Services

 Reference: ADA

This website uses first party and third party cookies to improve your experience and anonymously track site visits. By visiting this website, you opt-in to the use of cookies. OK