5 Common “Tells” of a FRAUDULENT REQUEST
In today’s digital world, many of us know to screen for phishing emails, malicious links, or other security threats, but do you apply the same diligence to medical record requests? Fraudulent requests are a growing concern with far-reaching risks, from compromising sensitive patient data to violating privacy regulations and facing potential legal consequences.
As a leading provider of release of information, we’ve seen our fair share of fraudulent requests. Below is a list of “red flags” we’ve compiled for the HI community as a reference to identify and stop these attacks. Together, we can elevate the standards of data security and patient protection.
1. It is “Urgent”
Bad actors use the same techniques over and over – a tried and trusted technique is to create a sense of urgency. If you’re rushing, you’re less likely to notice poor grammar, formatting, or wrong logos.
*This is an example we have encountered and not an accurate representation of the brand displayed.
2. It has the wrong logo/motto
These are national pharmacy chains – and they take their brands seriously. Fax coversheets and letterhead will always be updated.
*These are examples we have encountered and not accurate representations of the brands displayed.
3. It’s signed by a celebrity
Names can be typed or made with a cut/paste signature. Sarah Jessica Parker, Samuel L. Jackson, and Jeff Bezos aren’t moonlighting at a pharmacy. Some requesters use the last name “Bolden.”
4. It claims to be HIPAA Compliant
Bad actors use “HIPAA” to appear reputable – this extends to using logos for greater impact or mistakenly using “HIPPA.”
5. There are grammatical and formatting mistakes
Just like a phishing email, fraudulent requests will often have poor grammar and poor formatting.
Do you see anything we missed? Let us know at compliance@verisma.com.