CMS is alerting providers to a phishing scam that has been identified targeting medical records with fake requests that appear like they're coming from CMS.
 
This may include scammers faxing a provider fraudulent medical records requests to get the provider to send patient records in response. In a message June 27, CMS provided an example (PDF).
 
When you review any requests, look for signs of a scam, including:
  • Directing you to send records to an unfamiliar fax number or address
  • Referencing Medicare.gov or @Medicare (.gov)
  • Indicating they need records to “update insurance accordingly” 
A scam request may include:
  • Poor grammar, misspellings, or strange wording
  • Incorrect phone numbers
  • Skewed or outdated logos
  • Graphics that are cut and pasted
CMS says that if you think you have received a fraudulent or questionable request, work with your Medical Review Contractor to confirm if it’s real. Submit medical documentation through the Electronic Submission of Medical Documentation (esMD) system or CMS medical review contractor secure internet portals, when available.