Tip: Institute your Red Flags program ASAP.
Under the Red Flags Rule, your practice will be required to spot the "red flags" that can signal identity theft. Very recently, a Long Island medical office employee was charged with stealing patients' identities from medical files and using the information to go on a spending spree.
Point of contention: In preparing their Red Flags programs, some practices plan to check patients' identification cards, and some choose to make photocopies or scan the photo ID cards to ensure that patients who present are using their own insurance cards. However, several practices report that they've heard that they should not keep copies of patients' IDs in their systems due to privacy concerns with their HIPAA policies.
Reality: In a Feb. 4 letter to the AMA, the FTC noted that requesting a photo ID at patient visits is "consistent with the objectives of the Red Flags Rule."
Good idea: "It is our recommendation to American Medical Billing Assn. (AMBA) members to have their providers check a photo ID for each encounter," suggests Cyndee Weston, AMBA's executive director."I don't think the ID must be copied each time, but a picture in the patient's medical record for future identification purposes would be beneficial," she advises. Many providers already take a digital picture of the patient for the medical record, which is a "best practice suggestion."
What about HIPAA? "Once you've copied the license or scanned it into your system, you've entered HIPAA territory," says Barbara J.Cobuzzi, MBA, CPC,CPC-H, CPCP, CHCC, senior coder and auditor for The Coding Network, and president of CRN Healthcare Solutions. "You now have to have very strong HIPAA protocols to protect that."
Keep in mind: The case of the Long Island woman should be a reminder that practices should include employee background checks in their Red Flags program, Cobuzzi says.