In recent months, the Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) notified business associates of their inclusion in Phase 2 HIPAA Audits. On November 28, 2016, and November 30, 2016, the OCR issued listserv announcements warning covered entities and their business associates about a phishing email disguised as an OCR official communication.
The phishing email asks recipients to click on a link regarding possible inclusion in the HIPAA Privacy, Security, and Breach Rules Audit Program and directs individuals to a non-governmental website that markets a firm’s cybersecurity services. The phishing email originates from the email address OSOCRAudit@hhs-gov.us and directs individuals to a URL at http://www.hhs-gov.us; the firm is not associated with the HHS OCR.
Be aware that all official communications regarding the HIPAA Audit Program are sent to selected auditees from the email address OSOCRAudit@hhs.gov. If a covered entity or business associate has a question as to whether it has received an official communication from OCR regarding a HIPAA audit, please contact OCR via email at OSOCRAudit@hhs.gov.
The official HHS site for information about the HIPAA Privacy, Security, and Breach Notification Audit Program is http://www.hhs.gov/hipaa/for-professionals/compliance-enforcement/audit/.
11/30/2016
 |
||
| The UBA Compliance Advisors help you to stay up to date on regulatory changes to help simplify your job and mitigate compliance risk.
This information is general and is provided for educational purposes only. It reflects UBA’s understanding of the available guidance as of the date shown and is subject to change. It is not intended to provide legal advice. You should not act on this information without consulting legal counsel or other knowledgeable advisors. |
 |
|