HIPAA Red Flags Rule
The HIPAA (Health Insurance Portability and Accountability Act) Red Flags Rule is intended to guard against patient identity theft. The HIPAA Red Flags Rule covers all creditors, a category that includes healthcare providers who hold and manage patient accounts.
Identify Red Flags
The first step is to identify and mark out scenarios of potential identity theft that occur in normal business. All the billing and payment practices followed by healthcare providers must be reviewed, and these should surpass the Red Flags Rule in terms of protecting patients' identities. For instance, a patient who presents a social security card for identification that looks as if it might be fake would be a "red flag" for your business.
Detect Red Flags in Routine Business
Doctors and other healthcare providers are advised to examine and thoroughly review three documents regarding the Red Flags Rule that are available on the HIPAA site in order to help them determine their responsibilities in compliance with the Red Flags Rule. One such document is "Fighting Fraud with the Red Flags Rule."
Mitigate and Limit the Damage
When Red Flags are identified, it is important to prevent subsequent theft of the information pertaining to patients' identities, as well as to mitigate any damage. Proper checks and measures should be instituted (including standard operating procedures, relevant escalation points and effective alternative strategies) to guard against operational and reputational risks.
Raise Awareness in Staff
Staff should be kept up to date with the changing dynamics and risks of identity theft. Training and awareness programs should be conducted regularly to ensure that all staff members are informed about the Red Flags Rule and know how to handle such situations.