HIPAA Audit Email Scam and New DOL Overtime Rule Blocked

November 30, 2016

Employee Benefits

HHS Alert: Phishing Email Disguised as HIPAA Audit Notice

On November 28, 2016, the Department of Health and Human Services (HHS) issued an alert that a phishing email has been circulating to employer inboxes on mock HHS letterhead. The email appears to be an official government communication about the HIPAA audit program and directs recipients to click a link to a nonHHS website. Do not click the link. Instead, employers are encouraged to contact the HHS Office forCivil Rights (the subgroup that performs HIPAA audits) at to verify the authenticity of the HIPAA audit communication.

The full text of the HHS alert is below:

It has come to our attention that a phishing email is being circulated on mock HHS Departmental letterhead under the signature of OCRs Director, Jocelyn Samuels. This email appears to be an official government communication, and targets employees of HIPAA covered entities and their business associates. The email prompts recipients to click a link regarding possible inclusion in the HIPAA Privacy, Security, and Breach Rules Audit November 30, 2016 HHS Alert: Phishing Email Disguised as HIPAA Audit Notice Program. The link directs individuals to a non-governmental website marketing a firms cybersecurity services. In no way is this firm associated with the U.S. Department of Health and Human Services or the Office for Civil Rights. We take the unauthorized use of this material by this firm very seriously. In the event that you or your organization has a question as to whether it has received an official communication from our agency regarding a HIPAA audit, please contact us via email at

Source:U.S. Department of Health & Human Services, Alert: Phishing Email Disguised as Official OCR Audit Communication November 28, 2016

Federal District Court Judge Blocks DOLs New Overtime Rule

On November 22, 2016, a Texas district court judge issued an injunction that blocks the Department of Labors (DOLs) new overtime rule, pending legal review of the suit brought by 21 states challenging the new overtime rule.

The DOLs new overtime rule, which raises the minimum annual salary from $23,660 to $47,476 (among other things), would have gone into effect on December 1, 2016. The judges injunction effectively blocks the overtime rule on a nationwide basis and essentially pushes back the December 1, 2016 effective date until a final ruling is issued.

What Should Employers Do Now?

Many employers have already either reclassified their employees to non-exempt status and/or raised salaries to the new $47,476 minimum threshold in anticipation of the overtime rule becoming effective as of December 2016. For those in this majority group, there is not much to be done at this point. The DOL has not responded to the courts injunction and the case may be appealed to the Fifth Circuit Court of Appeals (or to the U.S. Supreme Court).

From a purely legal standpoint, the temporary block means that employers technically do not need to immediately comply with the DOLs new overtime rule. However, its important to note that employers must follow both federal and state laws governing overtime and exempt status. Therefore, this delay in the federal rule does not impact any state laws that increase minimum salary/wage levels for overtime purposes in 2017 (e.g., New York and California). Even for employers who do operate in states with an impending state-level increase in the overtime threshold, it still may be worthwhile to stay the course. Unwinding any changes that have already been announced to employees would be unwelcome news and could have a negative impact on employee morale.

We will post updates as further developments arise.


Was this post helpful?