Red Flag Rules & Healthcare
The Federal Trade Commission issued a set of regulations known as the "Red Flags Rule" in November 2007 that would require specified businesses and organizations to develop written identity theft prevention plans that would protect consumers by detecting warning signs, or red flags. The FTC states that Red Flags Rule apply to financial institutions and creditors, which can include health care providers.-
Health care Providers as "Creditors"
-
According to the FTC, "the definition of 'creditor' is broad, and includes businesses or organizations that regularly provide goods or services first and allow customers to pay later," such as health care providers. Physicians who accept insurance or allow payment plans for patients are deemed as "creditors."
Medical Identity Theft
-
The Red Flags Rule is designed to protect individuals from identity theft, specifically medical identity theft in the health care industry. According to the American Medical Association, "medical identity theft occurs when someone uses a person's name and sometimes other parts of their identity... without that person's knowledge or consent to obtain or make false claims for medical services or goods."
Red Flags Defined
-
Red flags are defined as suspicious activity or signs that could suggest identity theft. Health care providers should take note of alerts or messages from consumer reporting agencies, suspicious documents or forms of personal identification or unusual activity regarding a patient's account.
Requirements
-
The FTC acknowledges some flexibility for health care providers as long as the basic requirements are met, which include the written identification of the kinds of red flags relevant to the individual practice and a clear system for detecting and preventing them.
-