Health Information Compliance Alert

IDENTITY THEFT:

No Red Flags Program? You Could Be Losing Thousands

Tip: Institute your Red Flags program ASAP.

You may think the government is implementing the Red Flags Rule in the distant future -- but the Federal Trade Commission (FTC) will begin enforcing it on May 1-- and it can't come soon enough for some practices.

Under the Red Flags Rule, your practice will be required to spot the "red flags" that can signal identity theft. Very recently, a Long Island medical office employee was charged with stealing patients' identities from medical files and using the information to go on a spending spree.

Point of contention: In preparing their Red Flags programs, some practices plan to check patients' identification cards, and some choose to make photocopies or scan the photo ID cards to ensure that patients who present are using their own insurance cards. However, several practices report that they've heard that they should not keep copies of patients' IDs in their systems due to privacy concerns with their HIPAA policies.

Reality: In a Feb. 4 letter to the AMA, the FTC noted that requesting a photo ID at patient visits is "consistent with the objectives of the Red Flags Rule."

Good idea: "It is our recommendation to American Medical Billing Assn. (AMBA) members to have their providers check a photo ID for each encounter," suggests Cyndee Weston, AMBA's executive director."I don't think the ID must be copied each time, but a picture in the patient's medical record for future identification purposes would be beneficial," she advises. Many providers already take a digital picture of the patient for the medical record, which is a "best practice suggestion."

What about HIPAA? "Once you've copied the license or scanned it into your system, you've entered HIPAA territory," says Barbara J.Cobuzzi, MBA, CPC,CPC-H, CPCP, CHCC, senior coder and auditor for The Coding Network, and president of CRN Healthcare Solutions. "You now have to have very strong HIPAA protocols to protect that."

Keep in mind: The case of the Long Island woman should be a reminder that practices should include employee background checks in their Red Flags program, Cobuzzi says.

Other Articles in this issue of

Health Information Compliance Alert

View All