The Red Flags Rule

HalamkaYou may have seen the recent headlines “FTC delays Red Flags Rule
implementation until August 2009”. What is the Red Flags Rule and how
does it relate to healthcare?

The FTC has a great website that it explains it all in detail.

the FTC requires most clinical offices, hospitals, and other health
care providers to develop a written program to spot the warning signs
of identity theft – “red flags”  If a patient’s name on a photo ID and on their insurance card do not match, that’s a red flag. If a patient visited last week as John Smith but today is Fred Jones, that’s a red flag. If patient seems to travel from provider to provider seeking numerous expensive treatments, that’s a red flag.

law was initially designed to cover creditors and it seems odd for
healthcare providers to be considered creditors. The FTC defines a
creditor as anyone who enables the customer to carry a balance after
services are rendered. Unless a clinician asks for payment upfront (all
balances not covered by insurance), the clinician is a creditor.

FTC will be begin enforcement August 1, 2009, so it’s important to
develop policies and procedures to address red flags in healthcare

What is BIDMC doing?

We are actively working to
develop procedures and an educational plan. We created an
interdisciplinary group that includes IS, Compliance, Finance, Patient
Financial Services, clinicians, Human Resources , Ambulatory Services,
Health Information Management, and others to examine Red Flags, but
also the broader issues of HITECH/ARRA privacy provisions, and new Massachusetts Data Protection regulations.
First, we will finish our Red Flags program and implement it, then we
will move on to working on the other issues. We have not finalized our
specific policy, but have already reported to the Board of Directors
and to senior leadership about the issues and the work we are doing. As
soon as the policy is finalized, I will post it on my blog.

If you have not begun a program to address compliance with the Red Flag rule, now is the time!

7 replies »

  1. BTW, the same thing applies to cashiers who take the 4 digit card code. The fact that “I” have a card – scanned in person and in my possession should be sufficient. The code should only be use for certain sales over the phone or where the card is not physically accessible by the vendor.
    Now that the code is in the data base, ANYONE with the credit card number, can call and use the card number since they now also have that “check card possesion” number… Who looses? No me, the CC & Banks for refusing to use a smartcard, like they have in the rest of the world.

  2. With Red Flag, most people do not understand the requirements and think all they have to do is develop a policy and train the employees. This does NOT make them compliant. We have the only web based 100% Compliant Red Flag Program available. Visit us online, we have all the steps to make you compliant. If you are not compliant, the fines are big.

  3. this makes me angry that the f***s that bone our government is boning the whole country. It is maddening to watch our gov do things that are bad for tax payers

  4. We offer a no cost training course for this to your employees of all medical and dental offices, with certification of the training, in exchange for the opportunity to present Identity Theft Shield as a fringe benefit program or individual program for all employees. Training will be by a Certified Identity Theft and Risk Management Specialist. Most areas of the United States are covered by this offer.

  5. All on top of the hundreds of thousands of Americans who needlessly lose their lives in America each year from a rush to profit by the private for profit healthcare industry. Rich, middle class, and poor a like. Insured, and uninsured. Men Women, Children, and Babies.

  6. It saddens me that this is even necessary. Yet another regulation to drive up costs, because the bad apples in society tend to ruin it for everyone.

  7. Seems like this effort is totally pointless, since most theft in healthcare is simply not paying the bill, no matter what your name is. Second, it is counter to EMTALA, where any person can request a medical screening exam, even before any financial or identity info can be obtained or verified. It is one more policy making the system responsible for the bad behavior of people.