How do you Respond to Illegal Record Requests?

Event Materials (Key Required)

Course Description

This fast-paced, eye-opening webinar takes aim at two major sources of confusion and legal risk in today’s medical office environment: the misunderstood differences between Medicare Part B and Medicare Advantage (Part C), and the rising flood of improper or illegal medical record requests inundating providers across the country.

While many patients and even office staff believe Medicare Advantage plans are just a supplement to Original Medicare - or assume that Part B continues alongside Part C - the truth is far more complex and critical to understand. Attendees will learn why Medicare Advantage plans are not Medicare, why they operate under a different legal framework, and why providers should proceed with extreme caution when contracting with these private plans.

More importantly, the webinar confronts a growing compliance crisis: third-party data mining contractors (like Optum, Cotiviti, Episource, Change, and others) demanding full medical records on behalf of insurers - often without proper authority or valid HIPAA justification. Don Self walks participants through what the federal HIPAA law (not the insurance company) actually says - including the “Minimum Necessary” requirement (45 CFR §164.502(b)) and the conditions for permissible disclosures under §164.506(c)(4). You’ll discover:

• Why many Medicare Advantage plans mislead providers about coverage, payment, and out-of-network obligations.
• How to recognize and lawfully reject improper record requests that fail to meet legal standards.
• The two HIPAA conditions that must be met before sharing PHI for operations purposes - and how most vendors and even carriers fall short.
• The true compliance chain of command (hint: the provider’s duty to the patient comes before any contract).
• What to do when a plan threatens recoupment for non-compliance - and why federal law may be on your side, especially if ERISA applies.

Whether you’re a biller, manager, provider, or compliance officer, this session arms you with the knowledge, citations, and confidence to protect your practice, your patients, and your revenue.

Learning Objectives

• Differentiate between Medicare Part B and Medicare Advantage (Part C) in terms of legal structure, claims processing, appeals, and regulatory oversight.
• Identify common misconceptions patients and office staff have about Medicare Advantage plans, including confusion with Medigap and traditional Medicare coverage.
• Recognize misleading or false statements made by Medicare Advantage plans regarding in-network participation, payment obligations, and pre-authorization requirements.
• Understand the legal obligations under HIPAA regarding medical record disclosures, especially the “Minimum Necessary” standard (45 CFR §164.502(b)).
• Apply the two HIPAA criteria for disclosing PHI to another covered entity under 45 CFR §164.506(c)(4), and determine when it is illegal to release records.
• Assess the legitimacy of medical record requests from third-party contractors such as Optum, Cotiviti, Episource, and others — and respond accordingly.
• Explain the compliance chain of command, and why a provider’s duty to protect patient privacy overrides payer pressure or contractual misunderstandings.
• Utilize ERISA protections when applicable, especially in cases involving employer-sponsored Medicare Advantage plans and retroactive claim denials.

Areas Covered in the Session

• Medicare Advantage is NOT Medicare Part B: Many patients (and even providers) mistakenly believe they have traditional Medicare when they are enrolled in a Medicare Advantage plan. MA plans are private, for-profit alternatives, not government-run Medicare.
• Medicare Advantage plans are legally required to cover all services covered by Part B: Under 42 CFR §422.101(a), MA plans must provide coverage equivalent to what Medicare Part B provides - but many plans mislead providers and deny claims improperly.
• Providers are often misled about being “in-network”: Some MA plans tell providers they must accept lower payments, cannot balance bill, or must follow prior authorization rules - even when the provider is not contracted with the plan. These claims are frequently false.
• Medical offices are being inundated with excessive medical record requests: Contractors like Optum, Cotiviti, and Episource routinely request full medical records — often beyond the legal “minimum necessary” requirement under HIPAA.
• HIPAA's “Minimum Necessary” rule limits what can legally be disclosed: Covered entities (you, the provider) must limit disclosures of PHI to only what is necessary for the purpose of the request - not entire charts or years of data unless justified.
• You are the covered entity - not the insurance company or their contractor: HIPAA places the legal responsibility for safeguarding PHI on the provider, not the requesting party.
• Disclosing PHI to another covered entity for operations requires two things: Under 45 CFR §164.506(c)(4), both the sender and recipient must have (or have had) a relationship with the patient, and the PHI must relate directly to that relationship.
• Most record requests from third parties do not meet HIPAA’s legal requirements: Just because a plan claims to have a BAA with a contractor (like Episource) does not make the request lawful. Providers must still vet the request against federal rules.
• Retroactive denials are not always legal: While Medicare may have authority to recoup under certain circumstances, ERISA-regulated group plans (like those sponsored by employers) have strict time limits and legal constraints against retroactive denials.
• You have the right to notify the patient: When in doubt about a record request’s legality, you can - and should - contact the patient for consent. This protects both the patient’s rights and your liability under HIPAA.
• Live Q&A Session

Suggested Attendees

• Medical Providers (Physicians, NPs, PAs)
• Office Managers and Administrators
• Medical Billers
• Coders
• Hospital CEOs, CFOs and COOs
• Claims Coders
• Billing Staff and Companies
• Physicians and Other Providers
• Healthcare Consultants
• Compliance Officers
• Practice Manager
• In and Out of Network Providers
• Medical Billing Companies
• Providers Office Staff
• Hospitals and Facilities
• Insurance Companies
• Healthcare Attorneys

About the Presenter

Don Self, CPC, CMCS, CASA, is the CEO and founder of Don Self & Associates, a consulting firm specializing in medical reimbursements and helping physician practices improve patient outcomes and increase profits while staying compliant with all regulations. Don is also the President of Telecare-USA. Don has taught more than 900 seminars/ webinars over the past 38 years to tens of thousands of physicians, NPPs, coders and billers on coding, revenue, reimbursement and billing and 49 webinars in 2020 on Telehealth Billing. He has helped thousands make sure they are paid properly by Medicare and other payers.

Our Best Selling Courses

• 2025 Chronic Care Management Compliance: Improve Patient Engagement and Maximizing Reimbursement
• 2025 CAQH Portal Updates - Credentialing and Reimbursement Simplified

Additional Information

After Registration: You will receive an email with login information and handouts (presentation slides) that you can print and share with all participants at your location.

System Requirement:

• Internet Speed: Preferably above 1 MBPS
• Headset: Any decent headset and microphone which can be used to talk and hear clearly

Live Course Cancellation Policy: If for any reason Skillacquire need to cancel this program, Skillacquire will notify participants by email of the cancellation no less than 24 hours prior to the expected start time.

Can’t Listen Live? No problem. You can get access to an On-Demand webinar. Use it as a training tool at your convenience.

For more information, you can reach out to the below contact:

Toll-Free No: 1-302-444-0162

Email: care@skillacquire.com 

This is a Live Virtual session.

A new way of immersive learning that allows you to engage live with our instructor and peers providing you with the flexibility to juggle the new work-life balance.

Purchase Order Form - Click Here to download PO form. 

Snippet From Our Previous Session

Testimonials