CMS appears to have identified a fraudulent practice in which requests for medical records are faxed to health care providers, and examples of the records provided can be found here. https://www.cms.gov/files/document/medical-record-phishing.pdf
When considering whether a request is fraudulent, CMS offered the following tips:
- Does your request instruct you to send records to an unfamiliar fax number or address?
- Does your request reference Medicare.gov or @Medicare (.gov)?
- Does the request indicate that you need the records to “update your insurance accordingly”?
CMS notes that fraud may also be detected by identifying:
- Poor grammar, spelling mistakes, or poor phrasing.
- The phone number is incorrect.
- Distorted or outdated logos, or
- Cut and paste graphics.
All providers, health plans, and their vendors should carefully verify the authenticity of requests for medical records or services. Adopting verification protocols can reduce the risk of becoming a victim of fraud. If you have questions about how to protect yourself against medical record fraud, please contact Alisa L. Chestler or a member of Baker Donelson’s Data Protection, Privacy, and Cybersecurity group.
