We wanted to inform Security and Privacy officers in charge of HIPAA compliance to be extra careful when going through email communications from the Office of Civil Rights (OCR). We found this alert on the Health and Human Services Agency audit page and are very concerned about the potential damage to practices and businesses.

It is important to exercise caution with all emails since it is the preferred method used to breach electronic information or to inject malware into a network. We have worked with at least two entities in the last 10 days that were almost breached after an email was sent masking the sender.

Please know that you are not alone and that we can help implement training and tools to help reduce your risk. Send us your questions through or schedule your yearly assessment before Dec 31 and receive a discounted price.

Be careful and let us help you with HIPAA compliance training and assessments.


Alert: Phishing Email Disguised as Official OCR Audit Communication – November 28, 2016

It has come to our attention that a phishing email is being circulated on mock HHS Departmental letterhead under the signature of OCR’s Director, Jocelyn Samuels.  This email appears to be an official government communication, and targets employees of HIPAA covered entities and their business associates.  The email prompts recipients to click a link regarding possible inclusion in the HIPAA Privacy, Security, and Breach Rules Audit Program.  The link directs individuals to a non-governmental website marketing a firm’s cybersecurity services. In no way is this firm associated with the U.S. Department of Health and Human Services or the Office for Civil Rights.  We take the unauthorized use of this material by this firm very seriously.

OCR would like to further share that this phishing email originates from the email address and directs individuals to a URL at This is a subtle difference from the official email address for our HIPAA audit program,, but such subtlety is typical in phishing scams.

Covered entities and business associates should alert their employees of this issue and take note that official communications regarding the HIPAA audit program are sent to selected auditees from the email address In the event that you or your organization has a question as to whether it has received an official communication from our agency regarding a HIPAA audit, please contact us via email at


Luis Delgado

Luis Delgado


Luis Delgado is a father, husband, community resource, speaker, and entrepreneur who founded The Critical Update, inc (TCUINC) in 2003. TCUINC is a business and technology consulting firm that has evolved from basic computer support to affordable technology consulting, network management, outsourced IT and cybersecurity. Our clients are from every industry in Central Texas - for profit and not for profit.

Luis is focused on helping business owners create more jobs for Texas families by addressing compliance and productivity needs.