The HIPAA Investigation Scam

HIPAA Investigation Scam Threatens Patient Privacy

As if we don’t live in challenging enough times already, there’s a fake HIPAA investigator on the loose.

The Department of Health and Human Services (HHS) has issued a notice to all HIPAA Covered Entities, warning of an individual posing as an inspector with the Office for Civil Rights (OCR). The OCR is the investigative branch of HHS responsible for HIPAA enforcement.

According to HHS, the “investigator” contacts victims by phone, informing them that a HIPAA investigation has been launched involving their organization. The fraudster then asks a series of questions about patients. The HHS warning says that the goal of the fraud is to collect patient Protected Health Information (PHI).

The fake investigator provides no OCR complaint number or any other verifiable information.

A HIPAA Investigation Scam Can Be Easily Identified

All legitimate OCR investigators will provide their email address, which ends with “@hhs.gov.” Covered entities should always demand a verification email from the investigator using their official HHS email address. The email should also include a valid OCR Complaint Transaction Number.

The investigation can be authenticated by contacting HHS by email at OCRMail@hhs.gov.

If you suspect a fraudulent investigation, HHS encourages you to contact the Federal Bureau of Investigation (FBI). According to the FBI, scams are on the rise as a result of the COVID-19 pandemic.

HIPAA Investigation Scam Among Many COVID-19 Pandemic Frauds

In addition to attempts at collecting PHI from HIPAA Covered Entities and Business Associates, email scams have been identified from people claiming to be from the Centers for Disease Control (CDC). The emails may contain malware embedded in links that purport to contain helpful information about the Coronavirus and COVID-19.

The FBI also warns of phishing schemes designed to defraud email recipients. Phishing is the practice of sending emails designed to appear as legitimate messages from banks, businesses, governmental agencies, employers, and friends. These scams include fake donation requests and offers of crisis relief services such as:

  • Charitable contributions
  • General financial relief
  • Airline carrier refunds
  • Fake cures and vaccines
  • Fake testing kits

You can spot a phishing scheme by comparing the sender’s name to the email address at the top of the message. If the sender doesn’t match the email address, it could be a phishing scheme.
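The sender comparison described above, combined with the earlier “@hhs.gov” check, can be automated at a mail gateway or in a triage script. The following is an added example, not code from HHS, the FBI or this site; the keyword list, function names and sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

OFFICIAL_DOMAIN = "hhs.gov"   # the article: real OCR addresses end with "@hhs.gov"
HHS_WORDS = {"hhs", "ocr"}    # assumed keywords that signal an HHS/OCR claim

def domain_of(address):
    """Lower-cased domain part of an address, or '' if there is none."""
    local, at, domain = address.rpartition("@")
    return domain.lower().rstrip(".") if at and local else ""

def check_from_header(raw_message):
    """Return a list of warnings about the From header of a raw message.

    An empty list is not proof of legitimacy: a From header can be forged,
    so the investigation should still be confirmed with HHS directly.
    """
    msg = message_from_string(raw_message)
    display, address = parseaddr(msg.get("From", ""))
    domain = domain_of(address)
    if not domain:
        return ["From header has no usable address"]
    warnings = []
    # Exact match only: "hhs.gov.example.net" and "hhs-gov.example" both fail.
    official = domain == OFFICIAL_DOMAIN
    words = set(re.findall(r"[a-z]+", display.lower()))
    claims_hhs = bool(words & HHS_WORDS) or "civil rights" in display.lower()
    if claims_hhs and not official:
        warnings.append(f"name claims HHS/OCR but address is at {domain}")
    # A display name that shows one address while the real one differs.
    shown = re.search(r"@([A-Za-z0-9.-]+)", display)
    if shown and shown.group(1).lower().rstrip(".") != domain:
        warnings.append(f"name shows {shown.group(1)} but address is at {domain}")
    return warnings

# Constructed sample messages; example.net and .example are reserved names.
SAMPLES = {
    "genuine": 'From: "OCR Investigator" <j.doe@hhs.gov>\n\nbody',
    "lookalike": 'From: "HHS Office for Civil Rights" <case@hhs.gov.example.net>\n\nbody',
    "name_trick": 'From: "OCRMail@hhs.gov" <intake@mail.example>\n\nbody',
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, check_from_header(raw))
```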

The FBI has created a list of common COVID-19 scams.


Copyright © 2020 ET&C Group LLC.
