ImpersonatorOn April 3rd, the OCR published an alert stating they’d received reports that an individual was fraudulently posing as an OCR Investigator. This person contacted HIPAA covered entities, identified themselves as being from the OCR, and tried to obtain protected health information. However, this person failed to verify their OCR affiliation through a complaint transaction number or any other verifiable means.

The OCR would like HIPAA covered entities and business associates to alert their workforce members of this scam. All HIPAA covered entities can take action to verify that someone is an OCR investigator by asking for the person’s email address, which should end in, and further requesting a confirming email from that email address.

Anyone organizations with additional questions can email the OCR directly at

Any incident where a person is suspected of posing as a federal law enforcement agent should be reported tot eh Federal Bureau of Investigation. The FBI has issued a public service announcement summarizing COVID-19 fraud schemes at