Health-care identity theft causes untrue entries into existing medical records at doctor’s offices, pharmacies, hospitals, and insurance companies. These erroneous entries made to victims’ medical files may not be corrected for years or even not discovered. Medical identity theft victims may not get proper medical treatment or may find their health insurance destroyed. Health-care providers who do false billing of victims of identity theft may be required to disregard all its health-care expenses. Medical identity thieves may steal physician’s name, license number or any other account information, forge a signature or prescriptions. Health-care providers and plans may lose its prestige which in turns results in irreversible business consequences.
To prevent and detect identity theft, the “Red Flags” Rule is enforced by the Federal Trade Commission (FTC) requires all financial institutions and creditors including physician offices, to develop and implement written identity theft prevention program for detection, prevention and mitigation of identity theft in connection with the covered account. As per FTC’s rules, physicians who regularly bill their patients for services rendered are considered creditors and required to comply with the Red Flags rules. Red Flags Rule covers:
- Insurance Claim Information.
- Credit Card Details.
- Tax Identification Numbers.
- Background checks for employees and service providers.
Formerly, health-care industry was tagged as technology laggard as no electronic system maintained for health records. The ultimate objective of Health Care entities is to become highly efficient providers of quality patient care, equip system to maintain electronic health records and information and securely control critical aspects of patient safety care. Complete compliance to Red Flags Rule by health-care sector is necessary to protect the patient identity and protects the organization from penalties and criminal convictions arising due to any lapse.
Red Flags rule ensures privacy of patient health information.
Read more on, Red Flags rule at, www.empowerbpo.com
Update: Federal Trade Commission has once again delayed compliance deadline of Red Flags Rule until June 1, 2010 for financial institutions and creditors as per the request of Members of Congress
The Federal Trade Commission (FTC) under the Fair and Accurate Credit Transactions Act of 2003 issued set of regulations, known as “Red Flags Rule”, requiring all financial institutions and creditors including physician offices to develop and implement written identity theft prevention programs to deter, prevent and mitigate client identity theft. According to FTC’s guidelines, physicians who regularly bill their patients for services provided are considered as creditors and required to comply with the Red flag rules.
Although the rules originally scheduled for a Nov. 1, 2008 compliance date, the FTC has now delayed the enforcement date of the Red Flags Rule until June 1, 2010 as AMA has objected to the FTC’s interpretation that physician practices are “creditors” when they accept insurance and bill patients after services are provided or if they allow patients to set up payment plans after services have been provided. AMA intends to utilize this time to convince the FTC to republish the rule so that there is sufficient opportunity to formally comment and state the AMA’s objections to physician inclusion in the program. Also AMA has prepared a guidance document along with sample policies so that members can incorporate a simple identity theft prevention and detection program into their existing compliance and HIPAA security and privacy policies.
The Federal Trade Commission states that delay of enforcement will enable these entities sufficient time to establish and implement appropriate identity theft prevention programs to stay in compliance with the rule. The Commission staff has continued to provide guidance to entities within its jurisdiction, both through materials posted on the dedicated Red Flags Rule Website (www.ftc.gov/redflagsrule), and in speeches and participation in seminars, conferences and other training events to numerous groups. The Commission also published a compliance guide for business, and created a template that enables low risk entities to create an identity theft program with an easy-to-use online form. FTC staff has published numerous general and industry-specific articles, released a video explaining the Rule, and continue to respond to inquiries from the public. To assist further with compliance, FTC staff has worked with a number of trade associations that have chosen to develop model policies or specialized guidance for their members.
Resource: Federal Trade Commission
Hello Folks today i would like to get you some insights about a very identical rule and regulation to HIPAA.
Federal Trade Commission’s Red Flag Rule.
Red Flag Rule consist of Identity theft prevention program that aims to detect, prevent and mitigate identity theft covering existing or new accounts. The program must be appropriate to the size and complexity of the creditor and the nature and scope of its activities. Identity theft takes place when someone uses another’s personal identifying information to commit fraud or crimes.
How Red Flag Rules differ from HIPAA privacy and security rules?
Protected Health Information as defined by HIPAA is covered by Red Flag Rules, but the Rule extends to other information:
- Insurance Claim Information
- Credit Card Details
- Tax Identification numbers
- Background checks for employees and service providers.
So you see there is a thin line difference between the two and thus i hope this rule would be in implementation soon that would in return prevent Information theft.
FTC’s Red Flag rule that was to be implied on Healthcare industry on the August 1st 2009 has finally delayed further. It seems AMA is quite against this one as they are very sure about the prevention of health information through HIPAA. Here’s a news feed.
The Red Flag Rules enforced by the Federal Trade Commission under the Fair and Accurate Credit (FACT) Act of 2003 require all financial institutions and creditors including physician offices, to develop and implement written identity theft prevention programs. As per FTC’s guidelines, physicians who regularly bill their patients for services provided are considered creditors and required to comply with the Red flag rules. Although the rules originally scheduled for a November 1, 2008 compliance date, the FTC has now delayed the enforcement date of the Red Flags Rule until November 1, 2009 which follows two earlier extensions to May 1 and then later to August 1, 2009.
It is figured out by FTC that every year, about 9 million Americans becomes victim of identity theft. FTC announced an increase in the penalties from $2500 to $3500 per violation of the Fair Credit Reporting Act, which covers Red Flag Rules, address discrepancy and associated sharing rules.