Do HIPAA auditors call your office and perform a free risk assessment for you? No way - beware of deceptive phone marketing.
It's recently come to our attention that some of our offices are receiving phone calls from solicitors that sound like they are from the Department of Health and Human Services.
The call goes something like this:
"I'm calling today to do your mandatory HIPAA Risk Assessment as required from the Department of Health and Human Service for 2016"
Now this doesn't outright say they are from HHS, who by the way doesn't audit or enforce HIPAA, that task is for the Office for Civil Rights (OCR), but this is carefully crafted to insinuate that they are a federal agency.
Phone marketing like this is nothing new -- scammers claiming to be the IRS demand wire transfers or gift card payments all the time. People claiming to be from Microsoft that "monitored error messages and need to remote in to fix them right now" while installing malware that steals your bank information are happening constantly. What is unique about this call is that unlike the IRS or Microsoft examples, this one is a legitimate business attempting to sell a HIPAA Risk Assessment Program using deceptive sales techniques. Again, this is nothing new. We see this with credit card processors and website/email hosting providers. They come in or send an invoice and by paying it, you have authorized the deceptive company to steal your business from the vendor you were working with. While what they are doing is not illegal, it certainly raises many concerns about ethics and quality of the product(s) you are being switched to.
So how do you know if it's fake?
1. With HIPAA, neither state or federal agencies will contact you by phone -- ever. All correspondence will be done either by physical mail or by email.
2. Read the fine print. With other scams and deceptive marketing, it may be more difficult to spot. All printed solicitations MUST have printed somewhere on it that it is a solicitation.
3. Be Aware. There are lots of scams out there, especially ones aimed at small businesses. If you are in doubt, get the person's name and number and give us a call to verify. An ounce of prevention is a pound of cure. It takes a few minutes to verify vs hours of headache, loss of services, downtime, and extra costs.
4. Know what you currently have in place as far as HIPAA services. If you are an active participant of ACS's HIPAA Program, you already have one of the industry's most thorough and complete risk assessments, in addition to all other required documentation. If you don't, what are you waiting for?
Look at your HIPAA Notice of Privacy Practices. If it is dated prior to 2013, it's not compliant ...
All over the US, healthcare entities are receiving an email threatening to detonate a bomb unless money is ...
How would you feel if you were plunged into a potential data breach through no fault of your ...
There are several vendors out there when it comes to digital forms and paperless office. So far, those ...
Check out our guest article for The Cutting Edge, The Official Magazine of the Santa Clara County Dental ...
Start your journey to compliance by directly interacting with our experts. With extensive years of experience in making dental practices HIPAA Compliant, we provide everything from start to finish to make you compliant, safe, secure, and confident against data breach. Look no further, begin your training today by scheduling a class with our experts!