Phishing scams involving medical records are on the rise. These attempts may include scammers faxing fraudulent medical records requests to get you to send patient records in response; see example (PDF).
When you review any requests, look for signs of a scam, including:
- Directing you to send records to an unfamiliar fax number or address
- Referencing Medicare.gov or @Medicare (.gov)
- Indicating they need records to “update insurance accordingly”
A scam request may include:
- Poor grammar, misspellings, or strange wording
- Incorrect phone numbers
- Skewed or outdated logos
- Graphics that are cut and pasted
If you think you got a fraudulent or questionable request, work with your Medical Review Contractor to confirm if it’s real. Submit medical documentation through the Electronic Submission of Medical Documentation (esMD) system or CMS medical review contractor secure internet portals, when available.
We have not only encountered this phishing scam multiple times but also faxed requests for patient information from “walgreens” ( when we called our local Walgreens to check, they denied that the request had not originated from their pharmacy and that this was a phishing scam.)
Another extremely upsetting scam is having our office number “spoofed” so that our practice name is displayed on a patient’s caller ID. The scammer then asks the patient for various information, such as their Medicare number. Neither our phone carrier nor the FCC really had a solution for this issue.