Common “Tells” of a


In today’s digital world, many of us know to screen for phishing emails, malicious links, or other security threats, but do you apply the same diligence to medical record requests? Fraudulent requests are a growing concern with far-reaching risks, from compromizing sensitive patient data to violating privacy regulations and facing potential legal consequences.

As a leading provider of release of information, we’ve seen our fair share of fraudulent requests. Below is a list of “red flags” we’ve compiled for the HI community as a reference to identify and stop these attacks. Together, we can elevate the standards of data security and patient protection.

1. It is “Urgent”

Bad actors use the same techniques over and over – a tried and trusted technique is to create a sense of urgency. If you’re rushing, you’re less likely to notice poor grammar, formatting, or wrong logos.

fake humanna

*This is an example we have encountered and not an accurate representation of the brand displayed.

2. It has the wrong logo/motto

These are national pharmacy chains – and they take their brands seriously. Fax coversheets and letterhead will always be updated.


*These are examples we have encountered and not accurate representations of the brands displayed.

3. It’s signed by a celebrity

Names can be typed or made with a cut/paste signature. Sarah Jessica Parker, Samual L. Jackson, and Jeff Bezos aren’t moonlighting at a pharmacy. Some requesters use the last name “Bolden.”

Fake Celebrity

4. It claims to be HIPAA Compliant

Bad actors use “HIPAA” to appear reputable – this extends to using logos for greater impact or mistakenly using “HIPPA.”

fake hipaa

5. There’s grammatical and formatting mistakes

Just like a phishing email, fraudulent requests will often have poor grammar and poor formatting.

bad grammar

Do you see anything we missed? Let us know at compliance@verisma.com.