CMS Alerts Providers to Watch Out for Fake Medical Records Requests

CMS; Security

In its weekly MLN Matters publication, the Centers for Medicare and Medicaid Services (CMS) issued an alert for providers titled, Medical Records Request Scam: Watch out for Phishing.  

CMS notes it has identified phishing scams for medical records. This may include scammers faxing providers fraudulent medical records requests to obtain patient records (see example). Such records contain personally identifiable information or protected health information that can be used for identity theft and other illegal purposes.     

CMS provides the following tips for providers, particularly billing and compliance personnel. 

When you review any requests, look for signs of a scam, including: 

  • Directing you to send records to an unfamiliar fax number or address. 
  • Referencing or @Medicare (.gov). 
  • Indicating they need records to “update insurance accordingly.”  

A scam request may include: 

  • Poor grammar, misspellings, or strange wording. 
  • Incorrect phone numbers. 
  • Skewed or outdated logos. 
  • Graphics that are cut and pasted. 

If you think you received a fraudulent or questionable request, work with your Medical Review Contractor to confirm if it is real. Submit medical documentation through the Electronic Submission of Medical Documentation (esMD)​ system or CMS medical review contractor secure internet portals, when available.