Red Flags Rule
Red Flags rule
The Red Flags Rule to be implemented no later than August 1, 2009, is a federal mandate stating that any creditor must protect customer information from identity theft. Although on the surface it doesn’t seem like health care providers would be subject to this rule, a closer examination of the Red Flags Rules reveals that we are.
According to the Red Flags Rule, health care providers are considered creditors because we provide services and later bill for them. Additionally, we collect billing information from the patient that could be used to steal a patient’s identity.
This is not an uncommon experience. Examples are all over the internet including a woman who was being billed for an operation to amputate her foot. Although the hospital released her from the bill, she was later haunted by erroneous medical information in her records.
In Florida, a hospital employee was found to have stolen billing information for numerous patients that allowed a fraudulent laboratory to bill over 2 million dollars to Medicare.
And one of the worst possible breaches of security was a Massachusetts psychiatrist who billed visits to a client’s insurance company that were never made and also billed visits for the patient’s children who never saw the doctor. Consequently, the children are noted on medical records to suffer from severe depression.
Medical Identity Theft is not a joke!
The Red Flags Rule mandates that we do four things:
- Design a written plan to protect your patients’ specific information
- Identify risks within your organization
- Design procedures for addressing risks and breaches of information
- Review the plan annually.
Additionally, it is written in the federal register that all ‘relevant’ employees be educated in the plan. Because so many documents contain pertinent billing information such as social security numbers, Medicare or insurance card numbers, etc., all employees privy to this information should be educated.
Remember, Medical Identity Theft is on the rise and it is suspected that further harm may come to patients as the current administration’s plan to share health care data across providers is implemented.
Questions about the Red Flags Rule can be addressed to Haydelconsultingservices@bellsouth.net or you may leave a comment below. As always, we enjoy hearing from you.