The FTC has a great website that it explains it all in detail.
the FTC requires most clinical offices, hospitals, and other health
care providers to develop a written program to spot the warning signs
of identity theft – “red flags” If a patient’s name on a photo ID and on their insurance card do not match, that’s a red flag. If a patient visited last week as John Smith but today is Fred Jones, that’s a red flag. If patient seems to travel from provider to provider seeking numerous expensive treatments, that’s a red flag.
law was initially designed to cover creditors and it seems odd for
healthcare providers to be considered creditors. The FTC defines a
creditor as anyone who enables the customer to carry a balance after
services are rendered. Unless a clinician asks for payment upfront (all
balances not covered by insurance), the clinician is a creditor.
FTC will be begin enforcement August 1, 2009, so it’s important to
develop policies and procedures to address red flags in healthcare
What is BIDMC doing?
We are actively working to
develop procedures and an educational plan. We created an
interdisciplinary group that includes IS, Compliance, Finance, Patient
Financial Services, clinicians, Human Resources , Ambulatory Services,
Health Information Management, and others to examine Red Flags, but
also the broader issues of HITECH/ARRA privacy provisions, and new Massachusetts Data Protection regulations.
First, we will finish our Red Flags program and implement it, then we
will move on to working on the other issues. We have not finalized our
specific policy, but have already reported to the Board of Directors
and to senior leadership about the issues and the work we are doing. As
soon as the policy is finalized, I will post it on my blog.
If you have not begun a program to address compliance with the Red Flag rule, now is the time!