Phishing Email Poses as OCR HIPAA Audit Notification

A new phishing scam targeting HIPAA-covered entities and their business associates is masquerading as an official communication from the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR).

In an alert released Nov. 28, OCR advised that the phishing email, from the email address OSOCRAudit@hhs-gov.us, is being circulated on mock HHS letterhead with the signature of OCR Director Jocelyn Samuels. The email directs you to click a link regarding possible inclusion in the HIPAA audit program. In fact, the link leads to a nongovernmental website selling a private firm’s cyber security services, OCR said.

If you receive the phishing email or are not certain whether an email from OCR is official, contact OCR at OSOCRAudit[at]hhs[dot]gov. (Note the subtle difference between the fake address above, which uses the domain hhs-gov.us, and this legitimate address at hhs.gov.)

The HIPAA audit program has stalled since the first round of covered entity desk audits was performed in July, according to Medicare Compliance Watch. Desk audits of business associates and on-site audits apparently have been postponed.

Published Dec. 16, 2016

Last Updated On

December 19, 2016
