Advanced Search

Health Information Compliance Alert

Identity Theft:

Act Quickly If Your Practice Identifies a Red Flag

Published on Fri Mar 27, 2009 Print Friendly and PDF PDF

Identity theft is nearly a $50 billion industry.

You've implemented a Red Flags program at your practice -- but do you know what to do if you identify an issue?

Your practice should not only determine how you'll identify red flags but also create steps to deal with them.

For instance: If you decide to copy patients' ID cards at their visits, you'll need to do more than just make copies or scan the cards. Your employees should be on the lookout for discrepancies.

"We've identified the following as a red flag regarding patient IDs," says Cyndee Weston, executive director of the American Medical Billing Association: "A photograph or physical description contained on the identification presented is not consistent with the appearance of the person presenting the ID or there are obvious differences between the age, gender, or ethnicity."

If there is a breach, offices should be asking these questions, Weston advises:

• How do we control a breach?

• How do we determine what happened and what information was subject to the improper use?

• How do we mitigate the breach (including recovering lost data for internal purposes)?

• What do we need to do to ensure this doesn't happen again?

• Do we have to notify anyone?

• If so, who must we notify and through what means?

• If we don't "have to" notify, should we notify anyway?

• Is there anyone else we need to notify (clients, regulators,etc.)?

"Practices should take a proactive approach and react accordingly," Weston advises.

Don't be daunted: Some patients may balk at your tighter patient identity protocols, but you should remind them that your goal is to ensure that no one else is using their identity to get medical care.

"Medical identity theft is not just financial theft, but also affects the patient's medical records, blood type,diagnoses, etc., and the resolution of that information can take a long time," says Barbara J. Cobuzzi, MBA,CPC,CPC-H, CPC-P,CHCC, president of CRN Healthcare Solutions. "Lack of identification of this theft can lead to medical crisis or even death -- or example,being given the wrong blood type because the medical records carry the thief's blood type."

Be aware: Identity theft isn't just a rare occurrence in medical practices. "The FTC conducted a survey and found that 4.5 percent of the 8.4 million victims of identity theft in 2007 were related to medical services," Weston says.

"My statistics show that in 2007 identity theft cost $49.3 billion, the mean per fraud victim cost was $5,720,and it took an average of 25 hours to resolve issues related to the theft," Weston says. "Only 15 percent of victims find out due to a proactive action taken by a business and 85 percent find out in a negative manner."

Other Articles in this issue of

Health Information Compliance Alert

View All