Header graphic for print
HealtHITech Law HIPAA, HITECH and Beyond

OCR Alert: Phishing Email Disguised as Official OCR Audit Communication

Posted in OCR Audits

On November 28, 2016, the Office for Civil Rights (OCR) issued an alert to providers and business associates monitoring their email for OCR audit communications. According to OCR, a phishing email disguised as an official communication from the Department of Health and Human Services (HHS) and claiming to be signed by OCR’s director Jocelyn Samuels has been circulated. The email instructs recipients to click a link regarding inclusion in the HIPAA Privacy, Security, and Breach Rules Audit Program but redirects to a non-governmental firm marketing its cybersecurity services.  The email and the firm are not in any way connected to OCR, HHS, or the HIPAA audits.  OCR asks that any questions regarding communications that you may receive purporting to be from HHS or OCR concerning the HIPAA audits be directed to OSOCRAudit@hhs.gov.