Health Information Compliance Alert

Published on Sun Mar 05, 2006 PDF

Don't be duped by a 'certified' HIPAA trainer who's a wolf in sheep's clothing.

If you're not careful, you could fall victim to a seemingly legitimate company offering "certified" HIPAA training. Knowing how to respond to these solicitations will save you big.

Con artists at work: A covered entity receives a call from an organization claiming to be under contract to a state agency to provide HIPAA training. The letter requires the CE to attend a HIPAA training seminar next month, but the CE isn't familiar either with the solicitor or the state agency the caller claims to represent.

No, it's not a hypothetical situation--this did occur. Fortunately for this entity, the CE had the sense to contact its outside counsel to make sure they weren't being hoodwinked, but this sort of solicitation is happening all the time.

"There are a lot of companies out there offering 'HIPAA-certified' training programs or claiming that they'll certify you as HIPAA-compliant, while some will offer to 'certify' trainers to teach HIPAA," says Gretchen McBeath, an attorney in the Columbus, OH office of Bricker & Eckler. She warns entities that any of these solicitations could easily be bogus.

McBeath says one Web site she found holds its HIPAA training programs out as "legally certified," and others have trainers that are "fully certified." Still other programs say, "Be A Certified HIPAA Professional!" The problem is, "we never know by whom they are certified or what the standards are for this certification."

Beware Swindlers Pushing 'Required' Seminars

And the Centers for Medicare & Medicaid Services identified another type of scam involving HIPAA and Medicaid. CMS warned some medical associations to be on the lookout for companies that are attempting to perform HIPAA-Medicaid cons.

CMS said the company would ask for a person by name, advise that person that a HIPAA seminar was taking place at a certain hotel in or near their area, and would aggressively assert that the physician must attend the seminar and that attendance was mandatory. The fee was $200 if the CE provided a credit card number immediately, but increased to $400 if they wished to pay at the door.

Take action: While the seminar may or may not have been legitimate, don't be fooled if this happens to you and be sure to report this information to your CMS regional office.

And watch out for companies who claim exclusive rights as HIPAA presenters. "What I would tell providers is that there is no requirement for any provider to attend any one seminar, advises Caryn Gordon, senior counsel at the HHS' Office of Inspector General. "So for any seminar company to be out there marketing itself as the one company whose seminars providers must attend, that's completely false."

The best protection is to get the word out to providers that these scams are occurring, says Gordon.

Check Credentials To Verify Authenticity

If someone calls you up offering HIPAA services that claims to be with a state agency but asks for your credit card information, don't panic. "The best thing to do is to verify" that solicitation, recommends Sharon Hartsfield, an attorney in the St. Petersburg, FL office of Holland & Knight.

For HIPAA-related seminars or services, check out the Web site of HHS' Office for Civil Rights. Hartsfield says there are regional OCR representatives you can call in order to verify someone's story.

Be aware that there are outside companies that contract with various state agencies to provide HIPAA services to that state agency, so don't accuse a company of miscreant behavior until you obtain all of the facts, advises Hartsfield. However, some con artists may in fact try to prey on your HIPAA compliance fears. "If you ever hear that someone is saying something's required, just call up the agency or check the Web site and see if you can verify it independently."

McBeath agrees, and counsels CEs to obtain as much information as possible--telephone numbers, Web sites, names and organizations. "The OCR would be [the best resource to contact] unless it is really an illegal scam, in which case, they might consider local enforcement."