Advertisement
American Academy of Family Physicians
Home Page > News & Publications > Journals > FPM > Blogs > Noteworthy

Search AAFP
 
Advanced Search

« Medical-legal partne... | Main | Obama: "We're not... »
Thursday Apr 23, 2009

Waving a white flag for Red Flags compliance

As if CLIA, OSHA and HIPAA enforcement aren't burdensome enough, the deadline to implement the new federal Identity Theft Red Flags Rule is looming. Your practice may be required to have anti-identity theft measures in place by Aug. 1.

The Federal Trade Commission, which will enforce the new regulations, surprised many in medicine earlier this year by determining that the rules also apply to health care organizations, not just financial institutions and lenders as originally thought.

Whether your practice is subject to the Red Flags Rule depends on whether your practice’s specific billing and collection practices qualify you a "creditor."

“Under the rule, a physician or practice is a creditor if they extend 'credit,' which means they regularly defer payment for goods or services and have covered accounts. A covered account is (1) an account primarily for personal, family, or household purposes, that involves or is designed to permit multiple payments or transactions, or (2) any other account for which there is a reasonably foreseeable risk to customers, or the safety and soundness of the financial institution or creditor, from identity theft.”

In other words, a practice (or physician) is considered a creditor if it does not regularly demand payment in full for services at the time of service.

Practices subject to the Red Flags Rule must develop, implement and administer an Identity Theft Prevention Program that includes four basic elements:

1. Reasonable policies and procedures to identify suspicious patterns or practices, or specific activities that indicate the possibility of identity theft in your practice.
2. Procedures for detecting the red flags you’ve identified.
3. An action plan to follow when a red flag is detected.
4. A plan for re-evaluating your program at least annually to reflect new risks.

The Red Flags Rule requires that the program be incorporated into the daily operations of the practice, that it be clear who is responsible for implementing and administering it and that staff be trained accordingly. The AAFP has developed a PowerPoint presentation to help members and their staff learn about and implement the Red Flags Rule. This is one of several resources available at the AAFP's Identity Theft Red Flags Rule Web page.

Posted at 02:49PM Apr 23, 2009 by Lynn Hofeldt  |  Comments[0]

« Medical-legal partne... | Main | Obama: "We're not... »
Comments:

You must be logged in to view or post comments. Login

Recent Entries
Search This Blog

Disclaimer
The views expressed here are those of the individual authors. They do not necessarily reflect the opinion of Family Practice Management (FPM) or the AAFP. The FPM blogs are not intended to provide medical, financial or legal advice. For more information see Terms of Use.
Feeds
Links
Tag Cloud
@fpmjournal accountable_care_organization aco advanced_access care centers_for_medicare_&_medicaid_services cme cms e-prescribing ehrs electronic_records epidemic_preparedness erx fpmjournal future_of_family_medicine h1n1 health health_care_costs health_care_reform match medical_home medicare patient-centered-medical-home pcmh pqri primary_care_shortage reform reimbursement technology workforce
Current Issue of FPM
Archive