Alert: Medicare Fraud Scheme Involving Phishing Fax Requests

CMS has identified a fraud scheme targeting Medicare providers and suppliers. Scammers are impersonating CMS and sending phishing fax requests for medical records and documentation, falsely claiming to be part of a Medicare audit.

Important: CMS does not initiate audits by requesting medical records via fax. Protect your information. If you receive a suspicious request, don't respond.

Legitimate requests for medical records are typically sent via mail or courier services, not fax.

Valid requests for records will provide the name of the beneficiary, as well as relevant details such as date of service, claim number, or services or items billed, so the receiver can provide the appropriate records.

Valid requests will include the name of the requester, such as the Medicare Administrative Contractor (MAC), Durable Medical Equipment MAC (DME MAC), Unified Program Integrity Contractor (UPIC), Recovery Audit Contractor (RAC), Comprehensive Error Rate Testing (CERT) program or Supplemental Medical Review Contractor (SMRC). These entities may use the CMS logo on their cover sheets or letterhead, in addition to the requesting companies name and/or logo.

If you receive phone calls in follow-up to this fax, these are not valid. CMS will never call requesting records. Please inform the caller that you will not be complying as the request is not valid or ignore the calls.

If you think you received a fraudulent or questionable request, work with your Medical Review Contractor to confirm it's real.

Last Updated Jul 07 , 2025