Back to News
NewsStop the Deepfake Claim: An AI‑Safety Blueprint for Medicare Call Centers, Telehealth, and Prior‑Auth Lines
healthcare-ai

Stop the Deepfake Claim: An AI‑Safety Blueprint for Medicare Call Centers, Telehealth, and Prior‑Auth Lines

September 3, 2025
22 min read
Anastasia Rychkova
Listen: Stop the Deepfake Claim: An AI‑Safety Blueprint for Medicare Call Centers, Telehealth, and Prior‑Auth Lines
0:00
0:00
September 3, 202522 min read
Article featured video
Share:
  • AI-safe access is now table-stakes: combine identity assurance, call authentication, and human-centered fallbacks to block fraud without locking out seniors.

  • Adopt a NIST-aligned assurance-by-channel model (IVR, live voice, video) with risk-based step-up controls, liveness on video, and accessible alternatives.

  • Use FCC STIR/SHAKEN signals to inform not decide trust; build “can’t-trust caller ID” agent workflows with verified callbacks and no blind transfers.

  • Deploy FTC-aligned deepfake defenses: randomized challenge-response, out-of-band checks, consented voiceprints with opt-out, PAD-backed biometrics, and a standing red-team.

  • Record and retain required Medicare marketing/enrollment calls for 10 years under CMS rules, while aligning capture, access, and deletion to HIPAA’s minimum necessary and security safeguards.

  • Institutionalize a three-tier Trust Ladder to standardize decisions, scripts, and escalations and provide a beneficiary-friendly version that preserves access.

Why this matters now

Regulatory horizon: 18-24 month outlook

Regulatory Timeline

Fraudsters are exploiting generative AI to impersonate patients, caregivers, and clinicians over voice and video to enroll members, change benefits, and push false prior-auth requests. The FTC reported U.S. fraud losses exceeded $10 billion in 2023, with imposter scams nearing $2.7 billion in losses, signaling the scale of the threat to Medicare access channels and brand trust alike. See the FTC’s latest loss data for context in nationwide fraud losses top $10B.

Total U.S. Fraud Losses (2023)
$10B+
Source: FTC
Imposter Scam Losses
$2.7B
Source: FTC
CMS Call Recording Retention
10 years
Source: CMS FAQ
FCC Traceback Response
24 hours
Prior Auth Timeframes
7 days (standard) / 72 hours (expedited)
Apr 1, 2024: FTC Impersonation Rule Effective
Sep 30, 2025: Audio-only Telehealth Allowance Through This Date
2026: Prior Authorization Timeframes Take Hold
Standard 7 days; expedited 72 hours. Source: CMS prior authorization final rule
  • Impersonation restrictions: Plan for continued FTC enforcement on AI-enabled impersonation, including likely finalization of protections explicitly prohibiting impersonation of individuals as proposed in early 2024 (see FTC proposal).

  • Robocall controls: The FCC continues tightening call authentication and mitigation obligations across providers, including non‑IP pathways, under the STIR/SHAKEN trust anchor regime (see federal register notice).

  • AI risk guidance: NIST is expanding profiles and guidance around synthetic content and human-AI teaming, reinforcing needs for provenance, liveness, and robust measurement under the AI RMF (see synthetic content guidance).

  • Operational planning: Leaders should anticipate tighter consent and disclosure standards for AI-assisted interactions and ensure telephony partners comply with evolving authentication and mitigation duties under §64.6301.

Impact planning: Expect a temporary AHT uptick from step‑up controls, then stabilization as agents and beneficiaries adapt. Run a 4 to 6 week pilot to establish baseline FAR/FRR, abandonment, and accessibility outcomes. Set acceptance guardrails: keep FRR within an agreed tolerance band and publish a weekly scorecard. Scale only the controls that lower FAR without breaching access guardrails; retire those that do.

Deepfakes and voice cloning now amplify impersonation risk. The FTC’s Impersonation Rule took effect April 1, 2024, with a proposed expansion to cover impersonation of individuals, reflecting growing enforcement focus on AI‑enabled scams. See Impersonation Rule goes into effect and the proposal to prohibit impersonation of individuals.

In parallel, the TRACED Act and FCC orders require service providers to implement caller ID authentication (STIR/SHAKEN) and robocall mitigation, improving signaling on call provenance but not guaranteeing identity, especially across legacy and international routes. Review 47 CFR §64.6301 (STIR/SHAKEN) and the call authentication trust anchor.

An operating model for AI‑safe access

This blueprint integrates NIST digital identity (SP 800‑63) with the NIST AI Risk Management Framework (AI RMF), FCC caller authentication signals, and CMS/HIPAA recording and privacy requirements.

  • Governance: Use the AI RMF’s GOVERN function to define roles, policies, and escalation paths for identity, recordings, and model risk infused across the lifecycle per NIST AI RMF 1.0.

  • Risk-based identity assurance: Set IAL/AAL targets per channel using NIST SP 800‑63A/B; combine dynamic risk scoring with low-friction challenges and step-up controls. Reference SP 800‑63B (AALs) and SP 800‑63A (IALs).

  • Signal-aware call handling: Use STIR/SHAKEN attestation as one input to risk not a pass/fail. Elevate verification when attestation is weak, missing, or incompatible. See attestation levels A/B/C.

  • Human-centered fallbacks: Offer accessible alternatives (scheduled verified callbacks, mailed codes, caregiver/POA workflows) to prevent lockouts for older adults and those with limited tech access.

  • Evidence-backed detection: Employ liveness checks on video, randomized phrase challenges on voice, PAD-backed biometrics, out-of-band (OOB) verification, and provenance indicators for content authenticity aligned with NIST synthetic content guidance.

  • Lifecycle accountability: Record required calls, store securely with role-based access, maintain audit logs, and sanitize media per NIST guidelines, balancing CMS mandates and HIPAA’s minimum necessary standards (see 10‑year recording requirement and HIPAA Security Rule).

NIST‑aligned assurance‑by‑channel matrix

Voice IVR (automated)

  • Risk posture: High susceptibility to spoofed caller ID and synthetic voices; treat ANI as untrusted.

  • Targets: IAL2 for verified member-dependent transactions; AAL2 for sensitive changes; AAL1 for low-risk information only.

  • Controls:

    • Dynamic risk scoring (signals: call attestation, device reputation, prior session history).

    • Step up when risk exceeds threshold: one-time codes via out-of-band channel on file; no KBA on static PII.

    • Randomized phrase challenges for suspected voice cloning; failure triggers “safe handoff” to human with verified callback.

    • Block high-risk actions in IVR; route to live agent with enhanced verification when needed.

  • Accessibility: Offer keypad-only paths; allow transfer to live agent with scheduled verified callback if DTMF-only users cannot complete step-up.

Live agent voice

  • Risk posture: Highest social engineering exposure; deepfake voices increasingly convincing.

  • Targets: IAL2 baseline; AAL2 for account changes/benefit moves; step to AAL3 only for the rarest, highest-risk transactions with phishing-resistant authenticators. See phishing-resistant AAL3.

  • Controls:

    • Agent desktop risk banner showing STIR/SHAKEN attestation, call path, prior history; caution that attestation is not identity.

    • Scripted randomized phrase challenge and transaction-specific probes; immediate out-of-band verification for high-risk requests.

    • Consented voiceprint option (opt-in, clear notice and alternatives); use only as part of MFA and monitored for PAD performance consistent with SP 800‑63B biometric guidance.

    • Supervisor assist and “no-transfer” rule to external numbers; use verified callback only.

  • Accessibility: For beneficiaries without mobile/OOB access, schedule a verified callback window or mail a code; support caregiver/POA with documented authority.

Video (telehealth and identity sessions)

  • Risk posture: Video deepfakes and document forgeries exist; however, visual liveness and supervised checks enable higher assurance.

  • Targets: IAL2 for standard remote proofing; IAL3 via supervised remote or in-person when risk justifies biometric collection under trained oversight; AAL2 for session authentication. See IAL2/IAL3 requirements.

  • Controls:

    • Active liveness (head turns, lip sync to randomized phrases) and document live-capture with liveness to ensure genuine presence aligned to 63A live capture.

    • Supervised remote proofing by trained staff for IAL3 when warranted.

    • Session re-bind (short re-auth) before sensitive changes; secure channel and recording consent captured if applicable.

  • Accessibility: CMS allows audio-only telehealth when video is not feasible; maintain agent pathways that preserve care access. See CMS telehealth FAQ (audio-only conditions) and HIPAA audio-only guidance.

Edge defense: the STIR/SHAKEN playbook for “can’t‑trust caller ID”

STIR/SHAKEN authenticates caller ID across IP networks but does not authenticate the person. Treat it as one risk signal among many. Operational rule: treat A‑level attestation as lower risk input only; require step‑up verification for B/C or missing attestation, and use verified callbacks for Tier 2/3 requests.

  • Understand attestation:

    • A: the originating provider knows the calling party and that they are authorized to use the number.

    • B: the provider knows the customer but not the right to use the number.

    • C: the provider can only attest to the gateway; lowest confidence. See attestation levels A/B/C.

  • Apply FCC rules: Your telecom partners must authenticate calls on IP networks and maintain robocall mitigation plans; they must also respond to traceback within 24 hours. Review §64.6301 and §64.6305. Note the non‑IP exemption until suitable protocols are available per §64.6306.

Agent workflow when you can’t trust caller ID

  • Never authenticate a caller solely on caller ID or phone number knowledge.

  • If attestation is weak/absent or the request is high-risk:

    • Pause action; inform the caller you will call them back on a verified number on file.

    • Use only CRM-verified numbers for callbacks; do not accept new numbers over the same call.

    • Apply the “no-blind-transfer” rule: never transfer to external numbers; route internally and initiate verified callback if escalation is needed.

  • Document the session, attestation level, verification steps taken, and outcome in the case record.

Deepfake threat and control set

The FTC advises consumers to hang up and verify via a number they already know when they suspect voice cloning: a principle enterprises should standardize for agents via out-of-band verification. See fighting back against harmful voice cloning.

Financial regulators similarly warn of deepfake identity documents and real-time video manipulation in attacks; see FinCEN’s alert on fraud schemes involving deepfake media.

Controls that materially lower false acceptance while preserving access

  • Randomized challenge-response on voice: short, non-reusable phrases; mismatches or delays trigger step-up or callback.

  • Cross-channel verification: out-of-band code to a number or portal credential on file; avoid KBA on static personal data.

  • Consented voiceprints with opt-out: use as part of MFA, disclose purpose, retention, and alternatives; monitor PAD performance consistent with SP 800‑63B biometric guidance.

  • Video liveness and supervised sessions: active liveness (randomized actions), document live capture, and when justified supervised remote proofing under 63A IAL2/IAL3.

  • Content provenance: accept/emit tamper-evident provenance when feasible, aligned to NIST’s synthetic content guidance on provenance and watermarking in NIST AI 100‑4.

  • Anomaly cues: detect unusual request patterns, rushed payment changes, or script avoidance; tie to dynamic risk scores and step-up rules.

  • Control Selection Matrix

    Access friction →
    Fraud reduction →
    OOB verification
    Randomized phrase
    Supervised video

    Use low-friction controls by default; reserve higher-friction options (supervised video) for Tier 3 or anomalies.

SIU red‑team test plan (quarterly)

  • Scope: IVR, live voice, video; enrollment, benefit changes, prior-auth status and initiation.

  • Methods:

    • Voice cloning and replay with varied quality; injection attacks over VoIP.

    • Video impostors with doc forgeries; liveness bypass attempts (pre-recorded loops).

    • Cross-channel social engineering (SMS/email + call) to test OOB verification discipline.

  • Metrics: false acceptance and rejection rates by scenario; average handle time (AHT) deltas; containment and verified-session conversion; escalation outcomes; accessibility impacts.

  • Governance: Align to AI RMF MEASURE/MANAGE with repeatable TEVV, documented residual risks, and action owners.

Red-Team Metrics Tracker (populate after each quarterly exercise)
Metric Definition Baseline Target Owner
False Acceptance Rate (FAR) Approved fraud attempts over total attempts TBD TBD SIU
False Rejection Rate (FRR) Legitimate callers rejected over total legitimate attempts TBD TBD CX Ops
AHT Delta Average handle time change vs baseline TBD TBD Workforce
Containment Rate Fraud attempts contained without account impact TBD TBD Security
Verified-session Conversion Share of sessions that complete step-up and proceed TBD TBD CX Ops

Recording, consent, and compliant lifecycle

CMS requires Medicare Advantage organizations and their Third‑Party Marketing Organizations (TPMOs) to record all beneficiary calls related to marketing, sales, and enrollment and retain them for ten years. See CMS’s FAQ on recording and retention and the regulatory basis at 42 CFR §422.2274.

Lifecycle blueprint (capture → storage/retention → retrieval → deletion)

  • Capture and consent:

    • Announce recording at call start; capture verbal consent; log purpose and applicable line of business.

    • For web-based calls, capture audio portion in full; tag PHI-containing segments appropriately.

  • Storage and access:

    • Encrypt at rest and in transit; apply role-based access; maintain detailed access logs per NIST log management guidance in SP 800‑92.

    • HIPAA compliance: limit use/disclosure to treatment, payment, and operations; secure ePHI under the HIPAA Security Rule and permitted uses in the HIPAA Privacy Rule.

  • Retrieval and litigation hold:

    • Index to member ID, date/time, agent ID, and purpose; fulfill regulator and member requests promptly.

    • Apply legal holds that override deletion schedules until matter closure.

  • Deletion and media sanitization:

The Trust Ladder: a triage model for every channel

Tier 1 Low (routine info, no account change)

  • Examples: benefit explanations, coverage limits, general program info.

  • Verification: AAL1 (single-factor) if no PHI disclosed; otherwise minimal AAL2 (one OOB code) before sharing member-specific data.

  • Agent script: “Before we discuss your specific benefits, I’ll send a quick code to the number we have on file. Read it back when it arrives.”

Tier 2 Medium (account or contact updates; scheduling; prior-auth status)

  • Verification: AAL2 MFA via two distinct factors; cross-channel OOB; randomized phrase challenge if voice risk indicators present.

  • Escalation: If STIR/SHAKEN is weak or behavior is anomalous, switch to verified callback on file; prohibit new numbers until verified.

  • Agent script: “For your security, we’ll complete this via a call back to your number ending in ‑1234. Is now a good time, or should we schedule a window?”

Tier 3 High (enrollment changes; financials; initiating prior auth)

  • Verification: AAL2 minimum plus one of: supervised video liveness; consented voiceprint match; or in-portal secure approval.

  • Proofing: IAL2 identity validation for new enrollments; consider supervised remote (IAL3) for high-risk anomalies.

  • Agent script: “This change touches your coverage and privacy. We’ll verify via a brief video check or a secure code in your portal. Which works best for you?”

Trust Ladder by Tier: Use this reference to set verification depth and scripts
Tier Examples Verification Agent Script
Tier 1 (Low) Benefit explanations, coverage limits, general program info AAL1 if no PHI; minimal AAL2 (one OOB code) before member-specific data “Before we discuss your specific benefits, I’ll send a quick code to the number we have on file. Read it back when it arrives.”
Tier 2 (Medium) Account/contact updates, scheduling, prior-auth status AAL2 MFA; cross-channel OOB; randomized phrase challenge on voice risk “For your security, we’ll complete this via a call back to your number ending in ‑1234. Is now a good time, or should we schedule a window?”
Tier 3 (High) Enrollment changes, financials, initiating prior auth AAL2 plus one: supervised video liveness; consented voiceprint match; or in-portal approval “This change touches your coverage and privacy. We’ll verify via a brief video check or a secure code in your portal. Which works best for you?”

Beneficiary-friendly Trust Ladder (plain language)

  • Simple questions: the helper may answer right away or send a quick code to protect your privacy.

  • Account changes: they will send a code or call you back on the number they already have. They will not ask you for new numbers during the same call.

  • Important changes (enrollment, payment): they may ask to do a short video or send a secure approval. If you prefer, ask for a scheduled call back.

Operational runbooks by channel

Enrollment and benefits hotlines

  • Default to Tier 2 verification for any account-specific information; Tier 3 for enrollment changes.

  • Scripts include clear consent for recording (where required) and accessible alternatives (callback, mailed code).

  • TPMO oversight: ensure all marketing/sales/enrollment calls are recorded and retained per CMS’s 10‑year requirement.

Telehealth visits (audio/video)

  • Respect beneficiary preference and access; audio-only is permitted in defined scenarios through September 30, 2025, when video is not feasible. See CMS telehealth FAQ.

  • Before discussing PHI: verify identity at AAL2 (e.g., code to number on file plus one additional factor); document consent to telehealth and any recording.

  • For high-risk actions: use supervised video liveness; if not possible, step-up via secure portal approval or verified callback.

  • HIPAA: ensure platform and workflow comply with privacy/security requirements cited in HIPAA audio-only guidance.

Prior authorization calls

  • Status inquiries: Tier 2 verification; never disclose beyond minimum necessary.

  • Initiation/changes: Tier 3 verification; if beneficiary is not present, require documented consent or portal-based authorization. Align to the 2026 timeframes (7 days standard, 72 hours expedited) in CMS prior authorization final rule.

  • Provider identity: verify NPI/affiliation via trusted directories; avoid processing based solely on caller ID or provided callback numbers.

Agent desk reference: “No‑trust caller ID” protocol

  • Do not accept identity based on caller ID, even when it looks familiar.

  • Use the Trust Ladder to set verification depth; escalate on risk signals.

  • When in doubt: stop, explain the security step, and switch to a verified callback on file.

  • Never transfer to outside numbers; never collect new phone numbers on a suspicious call.

  • Offer accessible options: schedule a callback; mail a code; involve a documented caregiver/POA.

Metrics and governance

    False Acceptance Rate (FAR)
    TBD
    False Rejection Rate (FRR)
    TBD
    AHT Delta
    TBD
    Containment Rate
    TBD
    Verified-session Conversion
    TBD
    Abandonment
    TBD

    Set targets and update weekly. Track successful fallbacks as an access quality metric.

  • AI RMF MEASURE: establish a repeatable test bench and dashboards; track human-in-the-loop impacts alongside computational metrics per AI RMF measurement guidance.

  • Logs: retain verification and decision logs with integrity and access controls following SP 800‑92 log management.

  • Incident response: build playbooks for suspected deepfakes, callbacks, and account locks consistent with NIST SP 800‑61r3.

  • Bias and accessibility checks: review rejection rates by segment; ensure alternatives for those without smartphones or reliable internet.

Regulatory horizon: 18-24 month outlook

  • Impersonation restrictions: Plan for continued FTC enforcement on AI-enabled impersonation, including likely finalization of protections explicitly prohibiting impersonation of individuals as proposed in early 2024 (see FTC proposal).

  • Robocall controls: The FCC continues tightening call authentication and mitigation obligations across providers, including non‑IP pathways, under the STIR/SHAKEN trust anchor regime (see federal register notice).

  • AI risk guidance: NIST is expanding profiles and guidance around synthetic content and human-AI teaming, reinforcing needs for provenance, liveness, and robust measurement under the AI RMF (see synthetic content guidance).

  • Operational planning: Leaders should anticipate tighter consent and disclosure standards for AI-assisted interactions and ensure telephony partners comply with evolving authentication and mitigation duties under §64.6301.

Impact planning: Expect temporary AHT increases from step-up controls, followed by stabilization as agents and beneficiaries adapt. Use pilots to measure your baseline FAR/FRR and accessibility outcomes, then scale controls that demonstrate risk reduction without unacceptable rejection rates.

What this means for you

For CEOs, COOs, and Operations Leaders

  • Declare AI-safe access a strategic standard. Fund the Trust Ladder, detection tooling, and human-centered fallbacks as part of core service quality.

  • Set KPIs for fraud loss prevention alongside accessibility; publish internal scorecards and keep the playbooks simple and repeatable.

  • Stage adoption: pilot in one high-volume line, measure FAR/FRR and AHT deltas, then scale controls that reduce fraud without unacceptable rejection rates.

For CISOs/CTOs

  • Map assurance levels to channels; integrate call signals (attestation, device, behavior) into dynamic risk scoring; enforce OOB verification and cryptographic MFA where feasible.

  • Align testing to AI RMF; institute quarterly red-team exercises across IVR/voice/video.

For Compliance and SIU

  • Audit adherence to CMS recording mandates and HIPAA safeguards; verify retention and sanitization are working as designed.

  • Lead trend analysis on rejection rates and potential bias; ensure accommodations are available and used.

For Front‑Line Agents

  • Do not trust caller ID. Use the Trust Ladder, follow the script, and offer secure callbacks when risk is high.

  • Use clear, empathetic language to explain security steps, and always offer an easy fallback.

For Medicare Beneficiaries and Caregivers

  • It’s OK to ask for a verified callback or to schedule a time you prefer.

  • If anything feels urgent or unusual, hang up and call the number on your plan card or monthly statement. The FTC recommends this approach for suspected voice cloning; see FTC advice.

Appendix: How to spot a deepfake call (for beneficiaries and caregivers)

  • Pressure or panic is a red flag. Scammers want you to act quickly; slow down and verify.

  • Don’t trust caller ID. Numbers can be faked. Hang up, then call back using the number on your plan card or official website.

  • Never share your Medicare number or personal details with someone who called you first. Medicare won’t call to sell you things; see OIG alerts on medical equipment scams.

  • Use call blocking and report unwanted calls. The FTC offers tips in five ways to cut down unwanted calls.

  • Report scams: ReportFraud.ftc.gov and the HHS OIG Hotline at 1‑800‑HHS‑TIPS.

Appendix: Call center standards and access

CMS monitors call centers for service levels and accessibility (including support for beneficiaries with limited English proficiency). Review CMS’s call center monitoring guidance in Part C and Part D call center monitoring.

Article Tags

About the Author

Anastasia Rychkova

Anastasia Rychkova is Vice President and Head of Business & Compliance Strategy at PATech Labs. She drives the company mission to democratize advanced AI while ensuring regulatory compliance across finance, healthcare, and regulated agriculture industries. Anastasia bridges the gap between powerful technology and real-world business needs, overseeing go-to-market strategy, client success, and strategic partnerships.

Content created with AI assistance and verified by human researchers.Learn more

Ready to Build Your Autonomous Growth Engine?

Stop relying on expensive ads and uncertain results. PATech Labs' patent-pending AI Ecosystem isn't just another chatbot or content tool. It's a fully-integrated, self-improving system that creates sustainable organic visibility and converts it into qualified leads. Transform your business with our proven ecosystem used by leaders in cannabis, finance, healthcare, and enterprise sectors.

AI Safety for Medicare Call Centers: Deepfake Defense | PATech Labs