<img height="1" width="1" alt="" style="display:none" src="https://www.facebook.com/tr?id=1455325778106062&amp;ev=PixelInitialized">

Phishing Email Disguised as Official HIPAA Audit Communication

Phising Email Disguised as HIPAA.jpegIt’s a bad enough day when you get a letter from a government agency - it gets worse when you open it and find out you are getting audited. Now, you have to look out for an “audit” letter that is a scam. 

There is a scam email circulating where the email targets employees of HIPAA covered entities and their business associates. It appears to be an official government communication, but it most certainly is not.

 How the Scam Works

The Office of Civil Rights (OCR) of the U.S. Department of Health and Human Services (HHS) has posted an alert (and a follow-up alert) warning health plans, health care providers, and their vendors of a fake communication involving the OCR audit program under the Health Insurance Portability and Accountability Act (HIPAA). The email mimics HHS departmental letterhead and even more boldly, contains the fake signature of the OCR Director.  The email prompts recipients to click a link regarding possible inclusion in the HIPAA Privacy, Security, and Breach Rules Audit Program and directs individuals to a non-governmental website marketing the cybersecurity services of a firm that is not associated with HHS or OCR.

The U.S. Department of Health and Human Services (HHS) has become aware of a phishing email that is being circulated on mock HHS Departmental letterhead under the signature of the Office of Civil Rights' Director, Jocelyn Samuels. 

The follow-up alert also notes that the OCR has begun contacting business associates as part of its HIPAA audit program. If you are a business associate, you should look at all emails received from the OCR, determine whether the emails are genuine, and if genuine, formulate an action plan to address the audit matters and to meet audit response deadlines.

Employers with questions as to whether they have received an official communication from HHS regarding a HIPAA audit are advised to contact HHS via email at OSOCRAudit@hhs.gov .

Reminder: DOL Overtime Regulations are Delayed

Right after Thanksgiving we reported in a blog update about the preliminary injunction granted by the court in favor of the plaintiffs against the Department of Labor (DOL) which has the effect of delaying the implementation of these new laws.  It is still uncertain whether these laws will become effective at a later date, be repealed in their entirety or if some middle ground will be negotiated between the parties.  The DOL has indicated it will appeal the preliminary injunction ruling.


New Call-to-action