Red Flag Rules Combat PHI Theft May 1
The new Red Flags Rules go into effect May 1. These rules, enforced by the Federal Trade Commission (FTC), are meant to combat consumer identity theft, and apply to any business qualifying as a creditor or financial institution under the law.
Many doctor’s offices, hospitals, and other health care providers qualify as creditors according to the FTC and will be required to spot and heed the red flags that are often telltale signs of identity theft. To comply with the new Red Flags Rules, your practice may need to develop a written red flags program to prevent, detect, and minimize the damage from identity theft.
The FTC identifies four basic steps to designing a program to comply with the Rules:
1. Identify Relevant Red Flags;
2. Detect Red Flags;
3. Prevent and Mitigate Identity Theft; and
4. Update Your Program Periodically.
There are no criminal penalties for failing to comply with the Red Flags Rules, but noncompliant organizations may be subject to civil monetary penalties. “But,” notes the FTC, “there’s an even more important reason for compliance: It assures your consumers that you are doing your part to fight identity theft.”
To learn more on the Red Flags Rules and how they pertain to medical practices, visit the FTC Web site or read the article “Red Flags Rule Protects Patients” on page 18 of February’s issue of Coding Edge magazine. Guidelines for developing a red flag program are outlined in the Federal Register, pages 63773-63774.