
How to Avoid HIPAA Marketing Scams


Keep it Real:
How to Avoid HIPAA Marketing Scams
By Olivia Wann, JD

Has your dental office received a phone call stating the following: “My name is XX. I’m calling your office today to conduct your mandatory HIPAA Security Risk Assessment that’s required by the Department of Health and Human Services…”

Our office has received numerous phone calls from dental practices throughout Kentucky and Tennessee indicating that they have received this same call from a professional, government-sounding person. The caller implies that he/she is a HIPAA auditor although they do not refer to themselves as a federal agency.

Some of the front desk personnel have given information to the caller, believing it was the government and that they were required to comply.

First of all, we must be aware that a Risk Assessment is required under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule. The Risk Assessment helps covered entities such as a dental practice identify the threats and vulnerabilities to the electronic protected health information (ePHI). The Risk Assessment determines compliance with the physical, technical, and administrative safeguards.

These telephone calls are not from the government; they are instead a deceptive marketing technique to sell a HIPAA Security Risk Assessment service. Although the practice would be purchasing a Risk Assessment, the manner in which the service is sold is quite misleading. The dental practice team member is led to believe that they are communicating with the government.

If you receive correspondence or notification from the Department of Health and Human Services, typically the first communication is a hard copy letter received through the mail and clearly identified by a government letterhead. Thereafter, communications usually take place via email or through the agency’s portal.

With this in mind, do not give out your compliance information over the telephone. Your team members should be trained to route compliance calls such as this to your compliance officer, the office manager, or the dentist(s) who own the practice.

For more information, contact [email protected] or (931) 232-7738.
