Skip to content

Red Flags Rule

Red Flags rule

The Red Flags Rule to be implemented no later than August 1, 2009, is a federal mandate stating that any creditor must protect customer information from identity theft. Although on the surface it doesn’t seem like health care providers would be subject to this rule, a closer examination of the Red Flags Rules reveals that we are.

According to the Red Flags Rule, health care providers are considered creditors because we provide services and later bill for them. Additionally, we collect billing information from the patient that could be used to steal a patient’s identity.

This is not an uncommon experience. Examples are all over the internet including a woman who was being billed for an operation to amputate her foot. Although the hospital released her from the bill, she was later haunted by erroneous medical information in her records.

In Florida, a hospital employee was found to have stolen billing information for numerous patients that allowed a fraudulent laboratory to bill over 2 million dollars to Medicare.

And one of the worst possible breaches of security was a Massachusetts psychiatrist who billed visits to a client’s insurance company that were never made and also billed visits for the patient’s children who never saw the doctor. Consequently, the children are noted on medical records to suffer from severe depression.

Medical Identity Theft is not a joke!

The Red Flags Rule mandates that we do four things:

  1. Design a written plan to protect your patients’ specific information
  2. Identify risks within your organization
  3. Design procedures for addressing risks and breaches of information
  4. Review the plan annually.

Additionally, it is written in the federal register that all ‘relevant’ employees be educated in the plan. Because so many documents contain pertinent billing information such as social security numbers, Medicare or insurance card numbers, etc., all employees privy to this information should be educated.

Remember, Medical Identity Theft is on the rise and it is suspected that further harm may come to patients as the current administration’s plan to share health care data across providers is implemented.

Questions about the Red Flags Rule can be addressed to or you may leave a comment below. As always, we enjoy hearing from you.

4 Comments Post a comment
  1. Linda Ramos #

    Thank you for all the helpful information you post on the Decision Health list serve. It is always timely and relevant. thanks again.

    July 6, 2009

    • Thank you so much for your kind words.

      July 6, 2009
  2. Pat Montalvo, R.N. Administrator #

    Good Morning Julianne,

    I am interested in purchasing the Policy and
    Procedure you have for Red Flags rules for
    $150.00. Is this something you send via e-mail?
    Can you bill us for this with an Invoice to pay?
    Kindly advise.

    Thank you!

    Pat Montalvo, R.N. Administrator
    Associated Home Health
    3313 W. Commercial Blvd., Suite 113
    Ft. Lauderdale, Florida, 33309
    Phone (954) 938-3500, Ext. 17
    Fax (954) 938-3509

    July 20, 2009

  3. Thank you for all the information you have provided.
    We are interested to buy the Red flag Policy, we have some thing that I’m very happy with please let me know what other poilicies you have

    Anab Ali, RN

    March 4, 2010

Leave a Reply

%d bloggers like this: