

The Office of Civil Rights (OCR) has issued an alert, warning health care organizations of postcards being distributed and disguised as official OCR communications, claiming to be notices of a mandatory HIPAA compliance risk assessment. 

The postcards have a Washington, D.C. return address, and the sender uses the title “Secretary of Compliance, HIPAA Compliance Division.” The postcard is addressed to the health care organization’s HIPAA compliance officer and prompts recipients to visit a URL, call, or email to take immediate action on a HIPAA Risk Assessment.  The link directs individuals to a non-governmental website marketing consulting services.

The postcard below is not from HHS/OCR

HIPAA covered entities and business associates should alert their workforce members to this misleading communication.  This communication is from a private entity – it is NOT an HHS/OCR communication.  Covered entities and business associates can verify that a communication is from OCR by looking for the OCR address or email address on any communication that purports to be from OCR.  The addresses for OCR’s HQ and Regional Offices are available on the OCR website at https://www.hhs.gov/ocr/about-us/contact-us/index.html, and all OCR email addresses will end in @hhs.gov.  If organizations have additional questions or concerns, please send an email to: [email protected].

Suspected incidents of individuals posing as federal law enforcement should be reported to the Federal Bureau of Investigation. 

Want to know why a Security and Risk Assessment is so important? The U.S. Department of Health & Human Services intends a risk assessment to identify potential risks and vulnerabilities to the availability and integrity of Patient Health Information (PHI) that an organization creates, maintains, receives and transmits.

By identifying these potential risks, you can work to mitigate the potential for breaches of PHI and prevent fines for your organization. Developing this assessment helps determine just how secure your organization is and where improvements need to be made.

If you’re looking for assistance in creating your HIPAA Risk Assessment, The van Halem Group can help you. Our HIPAA compliance software, HIPAAwise, provides you with everything you need to be compliant with HIPAA regulations. Contact us to learn more.