Health Information Compliance Alert

HIPAA Alert:

Avoid HIPAA Scams! How To Smell A 'HIPAA-Certified' Rat

The Tell-Tale Signs of HIPAA Scammers - And How To Combat Them

From companies offering "certified" HIPAA training to those masquerading as state-contracted HIPAA service providers, scammers are preying on the innocent in order to stuff their wallets full of your cash. Knowing how to respond to these solicitations will save you big.     
 
Here's a potentially thorny situation: A covered entity receives a call from an organization claiming to be under contract to a state agency to provide HIPAA training. The letter requires the CE to attend a HIPAA training seminar next month, but the CE isn't familiar either with the solicitor or the State agency the caller claims to represent.
 
No, it's not a hypothetical situation - this did occur. Fortunately for this entity, the CE had the sense to contact its outside counsel to make sure they weren't being hoodwinked, but this sort of solicitation is happening all the time. 
 
"There are a lot of companies out there offering 'HIPAA-certified' training programs or claiming that they'll certify you as HIPAA-compliant, while some will offer to 'certify' trainers to teach HIPAA," says Gretchen McBeath, an attorney in the Columbus, OH office of Bricker & Eckler. She warns entities that any of these solicitations could easily be bogus. 
 
McBeath says one Web site she found holds its HIPAA training programs out as "legally certified," and others have trainers that are "fully certified." Still other programs say, "BE A CERTIFIED HIPAA PROFESSIONAL!" The problem is, "we never know by whom they are certified or what the standards are for this certification."
 
And the Centers for Medicare and Medicaid Services recently caught wind of another type of scam involving HIPAA and Medicaid. CMS warned some medical associations to be on the lookout for companies that are attempting to perform HIPAA-Medicaid cons. CMS said the company would ask for a person by name, advise that person that a HIPAA seminar was taking place at a certain hotel in or near their area, and would aggressively assert that the physician must attend the seminar and that attendance was mandatory. The fee was $200 if the CE provided a credit card number immediately, but increased to $400 if they wished to pay at the door. While the seminar may or may not have been legitimate, don't be fooled if this happens to you and be sure to report this information to your CMS regional office.
 
In addition to CMS' awareness of such schemes, the HHS' Office of Inspector General says there have been scores of reported HIPAA and Medicaid scams perpetrated on CEs this year. Judy Holtz, a spokesperson for the OIG, says a group called Doctor's Assistance Corp. "uses strong sales tactics and that DAC employees have made misrepresentations by telephone that their seminars are accredited by the Office for Civil Rights. DAC employees have threatened providers that, in order to be fully HIPAA compliant, they must attend the DAC seminars."
 
Caryn Gordon, senior counsel at the OIG, says one of DAC's tactics is to call up individuals and say they must attend HIPAA seminars. They aggressively seek credit card information over the phone and "they use such tactics as telling you the fourth and eighth person from your office will attend for free." 
 
If you hear about something like this, that's typically DAC's handiwork, says Gordon, who warns providers to watch out for future HIPAA-related sales tactics. "What I would tell providers is that there is no requirement for any provider to attend any one seminar. So for any seminar company to be out there marketing itself as the one company whose seminars providers must attend, that's completely false." 
 
Gordon tells Eli the OIG currently is inundated with complaints relating to these types of companies, and says "the best protection for providers isn't necessarily for us to shut them down, but to get the word out to providers that these scams are occurring." 
 
Holtz says once they get you into a seminar, the companies frequently push literature for you to buy. "They say you have to buy this right away and you can't get it later - that you're required to do this." Prices for the literature can be as much as $1,500 and the materials they offer are often worthless, says Holtz. 
 
And if someone calls you up offering HIPAA services that claims to be with a State agency but asks for your credit card information, don't panic. "The best thing to do is to verify" that solicitation, recommends Sharon Hartsfield, an attorney in the St. Petersburg, FL office of Holland & Knight. For HIPAA-related seminars or services, check out the Web site of HHS' Office for Civil Rights. Hartsfield says there are regional OCR representatives you can call in order to verify someone's story.
  
Hartsfield says all of the seminars the OCR has held regionally have been free, and they have additional, free training on the phone. "So you just need to be wary when you hear of something like that and verify it, because it's so easy to check up on things like that." She says there are outside companies that contract with various State agencies to provide HIPAA services to that state agency, so don't accuse a company of miscreant behavior until you obtain all of the facts. However, some con artists may in fact try to prey on your HIPAA compliance fears. In that case the thing to do "if you ever hear that someone is saying something's required is just to call up the agency or check the Web site and see if you can verify it independently."
 
McBeath agrees, and counsels CEs to obtain as much information as possible - telephone numbers, Web sites, names, organizations, et cetera. "The OCR would be [the best resource to contact] unless it is really an illegal scam, in which case, they might consider local enforcement."

Other Articles in this issue of

Health Information Compliance Alert

View All