A few days ago, an excellent diary was published warning Kossacks about a PayPal scam going around. I thought I would fill the community in on another scam I encountered at work—one of the Medicare fraud scams involving durable medical equipment that target older Americans.
As many of you know, I am employed as a healthcare worker at a specialty clinic. Several months ago, a patient called the office asking if the doctor wanted him to have a back brace. He said he had received a call from someone who told him he qualified for the brace and they would get his physician to approve it. After checking the patient’s chart, I saw nothing in the physician’s notes indicating he had ordered a back brace for the patient. I asked him if he wanted a brace, and he said he only wanted it if the doctor told him he needed it. He could not remember whether or not a back brace had been discussed during his last visit, and he also could not give me the name of the company who called him. He did say that he gave him the doctor’s name and phone number. I told him I would send a message to the provider and ask him if he had intended to order a back brace for the patient, and I would get back to him.
Later that day, I got a message from the doctor stating he had not intended to order a back brace for the patient. I also received a message from our telephone answering service stating that somebody from a company called InCall Medical had left a message requesting the patient’s last office note, his insurance information, and his demographics sheet (this document has very sensitive personal information such as the patient’s name, address, phone number, social security number, and list of upcoming appointments). I forwarded that message straight to our practice manager. I had never heard of this company—when we order back braces for patients, we always use a local company that custom fits them for the patient. Never some out of state company that calls the patients and tries to get them to ask their doctor to order a brace from them. As I suspected, we had never done business with this company, and like me, my manager suspected they were a bunch of scammers.
I did some research on InCall Medical when I went home that night. The only thing I was able to find about them was a very suspicious looking Linkedin page. No website, no address, no phone number. Nothing you would expect a legitimate business to have. I passed along the information to my practice manager, and she sent out an email to all the staff about this company. There have been a lot of back brace scams involving Medicare patients going around, and, in my opinion, this place looks to be one of them!
I called the patient back the next day, and explained to him that we suspect he may have been contacted by a scammer. He said he did not want us to release any information to them if they contacted us again. I noted it in his chart. Over the next few weeks, we were contacted by InCall Medical several times, trying to get us to give them medical records and personal information about the patient. Luckily, in our practice, such calls are directed to the clinical staff pool, so all of us knew what was up when we saw these calls in our in-basket. After a while, they stopped trying. We forgot about them, thinking they were done with us.
Then, a couple of weeks ago, they tried a new tactic. They sent a fax requesting all the information from before, along with an order for the physician to sign. In our office, the front desk staff distributes all the incoming faxes. They put the order in the doctor’s in-basket, and as many doctors often do, he just signed it without really looking at it. Luckily in our office, the clinical staff handles the outgoing faxes. I just happened to be the one who did them that day, and I recognized the name of the company and name of the patient.
I immediately called the patient and asked him if he had been in contact with InCall Medical again—which he had not. I took the fake doctor’s order to my practice manager, and she turned it in to risk management. Again, an email went out warning the staff at our practice about these kinds of scams, and the fact that disclosing a patient’s protected health information without obtaining the proper consents is a major HIPAA violation.
From this close call, I realized it is all too easy to fall for one of these scammers—not only as a patient, but also as a healthcare worker.
If you are a patient, and someone calls you on the phone telling you that you qualify for a back brace or some other medical device, assume it is a scam if your doctor did not specifically discuss getting such a device with you. Most medical practices who order durable medical equipment for their patients have a certain set of vendors they work with—and if your doctor does order a back brace, a walker, or some other piece of DME, they will give you the name of the vendor they use. The physician’s office will send the order for the equipment to the vendor, not the other way around—never give any information to a telemarketer trying to get you accept a piece of equipment who has to ask for the name of your doctor.
If you work in a medical office, it’s probably a good idea to get to know who your provider’s DME suppliers are. It is all too easy for a scammer to slip a fake request into the piles of legitimate medical record requests, physician orders, and other communications sent to every clinic everywhere every day. And doctors—watch what you’re signing!