Post

Danaya Bryant, Business Analyst & HIPAAwise Consultant

In March 2020, the Federal Bureau of Investigation (FBI) published a public service announcement indicating a rise in fraud schemes related to COVID-19.  

On April 3, 2020, an alert from the Office for Civil Rights (OCR) at the U.S Department of Health and Human Services (HHS) revealed that an individual attempted to obtain protected health information (PHI) from HIPAA covered entities by posing as an OCR Investigator.  According to the OCR, the individual made contact but was not able to provide information that could be verified as it related to an actual investigation (e.g., OCR complaint transaction number).

If anyone makes contact related to an OCR investigation, HIPAA covered entities and business associates should notify their workforce and do the following:

• Ask for the investigator’s email address (email domain should end in @hhs.gov)
• Ask for a confirming email from the @hhs.gov email address
• Send questions or concerns to [email protected]
• Report individuals suspected of posing as federal law enforcement to the Federal Bureau of Investigation (FBI)

Also, remember to always follow standard protocols for making disclosures of PHI (45 CFR 164.514(h)). While temporary enforcement waivers have been put in place by the OCR, it is important to continue to remain vigilant and informed, especially during these unprecedented and vulnerable times.

If you have questions regarding HIPAA or services offered by us, please contact The van Halem Group today!