Preventing Call Center Fraud And Protect Patient Data

Protecting PHI in the Era of Call Center Fraud


Updated on October 6, 2021 by Jordan McGlone

Patient confidentiality is necessary for building trust between patients and medical professionals. At the same time, accurate health care necessitates the collection, storage, and use of huge volumes of information, most of which is sensitive and potentially harmful if it ends up in the wrong hands. The HIPAA Privacy Rule outlines federal protections for personal health information held by healthcare organizations and their service providers and gives patients an array of rights with respect to that information.

PHI stands for Protected Health Information, but what if it’s not always protected? This data is valuable to malicious individuals and criminal groups as fodder for extortion, identity theft, fraud, sales, and data laundering. 

What Is Call Center Fraud? 

PHI is threatened by many different factors and in innumerable ways. One of the latest scams on our radar in the healthcare industry is a form of social engineering: call center fraud. The formula is that an individual obtains hacked or breached data and contacts a call center pretending to be a patient. Using the name, address, birth date, social security number or other PHI, the individual works to convince the call center that he or she is a patient and is walked through the verification process, which provides even more sensitive information.

Phone centers in various branches of the healthcare field are being targeted this way: insurance providers, hospital and physician networks, medical billing service providers, and more. A recent Forbes article notes, “Fraudsters sometimes gain access to victims’ bank and e-commerce accounts by cracking weak passwords or using stolen credentials, but more and more attacks are targeting what is emerging as the weak link in many organizations’ security systems: the phone channel.”

Why are they the weak link? Because call answering services often use knowledge-based authentication. This is a particularly vulnerable way to identify a caller using personal information, such as their account number, mother’s maiden name, or phone number. Essentially, the call center agent grants access to customer accounts via information that may also be accessible online or through breached data.  

The goal for these types of fraudsters is full account takeover. That means that a hacker gains control of a legitimate account often using automated techniques with potentially thousands of credentials and user accounts. Depending on the level of access gained and the type of account, full takeover can be extremely valuable on the dark web. For this reason, call center fraud is on the rise; phone scams have increased 30% since 2013, claims American Banker. 

If the fraudster already has, or is able to obtain, login information for the patient’s real email account, the scam becomes very difficult to stop. When a legitimate, trusted mailbox is used, malicious activity is hard to detect with automated security tools. Thus, the bad actor can take over the patient’s account, change the password, use the same information to access other things like bank accounts and financial information, and commit fraud and other crimes.

How Should Healthcare Organizations Safeguard Against Scams? 

Digital identity theft is a growing problem that affects many people. When it comes to PHI, covered entities are both required to maintain data security measures to prevent these types of scams and expected to protect patients’ privacy and confidentiality. Additional best practices help healthcare organizations and their third-party service providers to meet this expectation. 

Identify the Risk 

Identity-based risk detection identifies patterns of digital user activity, across multiple forms and factors, to determine when someone could be an active fraudster. With this type of security tool, digital identity proxies, such as mobile phone numbers and email addresses, are monitored to prevent someone else from changing them and hiding follow-up verification attempts.

Device intelligence tools are another option for identifying account takeover attacks and identity theft attempts. They work by analyzing the devices used to access online accounts and the identities that they are associated with. These tools are designed to allow a user to log into accounts and perform low-risk activities from familiar devices, but to require additional authentication from unfamiliar devices and for high-risk activities, and to block activity when bot activity or malware is detected.

Address the Risk 

Dynamic and Enhanced KBA – Knowledge-based authentication can be made more secure by requiring the individual to answer generated questions that have not been saved by the company. These types of questions are generated from data within a person’s credit history or public records. Therefore, the questions are difficult for anyone other than the actual person to answer. Enhanced dynamic KBA uses secure proprietary data to create custom security questions for users.

One-Time Passwords – One-time passwords (OTPs) have become a fairly common form of multifactor identity authentication. They work by sending a unique, single-use password to the customer’s mobile phone in real time. The customer can verify the activity requested by responding with the OTP.

Document Verification – Works by collecting and verifying images of an ID that are uploaded by the customer and double-checked against a “selfie” or webcam shot to confirm that the actual customer and the ID match.

Biometric Verification – Technology has made it possible for financial and healthcare organizations to verify the identity of a person before any PII or PHI is exchanged. This can be done via fingerprint scanning through a newer-generation smartphone, or via facial and voice recognition using the device’s microphone or video camera.
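
The one-time password step described above, sketched as an added example (not PatientCalls code or any vendor's API): a code is bound to one patient and one requested activity, expires, works once, and locks after repeated wrong guesses. The class name, the action labels, the five-minute lifetime and the three-attempt limit are assumptions made for illustration; delivery of the code to the phone number on file is left out.

```python
import hashlib
import hmac
import secrets
import time

OTP_TTL_SECONDS = 300  # assumed validity window (5 minutes)
MAX_ATTEMPTS = 3       # assumed number of guesses allowed per issued code

class OtpVerifier:
    """Pending codes keyed by (patient_id, action); only a salted hash is kept."""

    def __init__(self, clock=time.time):
        self._clock = clock      # injectable so expiry can be tested
        self._pending = {}

    @staticmethod
    def _digest(salt, code):
        return hashlib.sha256(salt + code.encode()).digest()

    def issue(self, patient_id, action):
        """Create a 6-digit code for one requested activity and return it
        so the caller can send it to the phone number already on file."""
        code = f"{secrets.randbelow(10**6):06d}"  # CSPRNG, not random.random
        salt = secrets.token_bytes(16)
        self._pending[(patient_id, action)] = {
            "salt": salt,
            "digest": self._digest(salt, code),
            "expires": self._clock() + OTP_TTL_SECONDS,
            "attempts": 0,
        }
        return code

    def verify(self, patient_id, action, code):
        """Return 'ok', 'no_pending_code', 'expired', 'locked' or 'mismatch'."""
        key = (patient_id, action)
        entry = self._pending.get(key)
        if entry is None:
            return "no_pending_code"  # never issued, already used, or other action
        if self._clock() > entry["expires"]:
            del self._pending[key]
            return "expired"
        entry["attempts"] += 1
        if hmac.compare_digest(entry["digest"], self._digest(entry["salt"], code)):
            del self._pending[key]    # single use: a replayed code finds nothing
            return "ok"
        if entry["attempts"] >= MAX_ATTEMPTS:
            del self._pending[key]    # force a fresh code after repeated misses
            return "locked"
        return "mismatch"
```

Because the code is keyed to the activity it was issued for, a code read back for one request cannot be reused to approve a different one.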

PatientCalls – Secure Phone Answering Services for Healthcare  

We take patient privacy, data security, and HIPAA compliance seriously. PatientCalls has the following security measures in place: 

  • Physical facilities are SSAE 16 (SOC 1) Type II compliant, 
  • Quarterly risk assessments, 
  • Multiple layer encryption, 
  • Anti-virus software, 
  • Cybersecurity detection and prevention,  
  • Repeat failed log-in prevention,  
  • Workstation monitoring and encryption, 
  • HIPAA compliance training for all agents. 

For more information about our integrated security features, see here.  


About The Author


Jordan McGlone

Jordan has more than seven years of experience working for PatientCalls and a strong background in the healthcare answering service industry. He designs directive plans to fit the unique structure and activities of healthcare organizations, while ensuring that communications are efficient, compliant with HIPAA privacy and security regulations, and support optimal patient care.
