Beware: HIPAA Compliance Scam

August 6, 2020


Earlier today the United States Health and Human Services Office for Civil Rights “OCR” issued an alert concerning fraudulent postcards sent to health care organizations claiming to be official communications from OCR. The post cards, with a Washington, D.C. mailing address and claiming to be from the Secretary of Compliance, HIPAA Compliance Division, encourage health care organizations to visit a website, call, or email the sender “to take immediate action on a HIPAA Risk Assessment” and lists potential penalties for noncompliance. Anyone that does contact the sender is diverted to a non-government website offering consulting services.

As a reminder, all communications from OCR will come from either an official office or an email address ending with You can find a complete list of OCR’s headquarters and regional offices here:

* * * * *

If you have received this communication or any other suspicious compliance alerts, please contact the Garfunkel Wild attorney with whom you regularly work, or contact us at

Click Here to download the Legal Alert.