Beware: HIPAA Compliance Scam

April 26, 2021


Earlier today, the United States Health and Human Services Office for Civil Rights (“OCR”) issued an alert concerning fraudulent postcards sent to health care organizations claiming to be official communications from OCR. The postcards inform recipients that they are required to participate in a “Required Security Risk Assessment” and direct providers to submit their risk assessment to, a link that diverts individuals to a non-government website offering consulting services. You should disregard such correspondence and not provide the specified information.

As a reminder, all communications from OCR will come from either an official office or an email address ending with  You can find a complete list of OCR’s headquarters and regional offices here:

* * * * *

If you have received this communication or any other suspicious compliance alerts, please contact the Garfunkel Wild attorney with whom you regularly work, or contact us at
