Checking patients' photo IDs is a good idea, experts say. Under the Red Flags Rule, you will be required to spot the "red flags" that can signal identity theft (see Eli's HCW, Vol. XVIII, No. 1, p. 3)."Health care providers are creditors if they bill consumers after their services are completed," the National Association for Home Care & Hospice reminds its members. "Health care providers that accept insurance are considered creditors if the consumer ultimately is responsible for the medical fees." In preparing their Red Flags programs, some providers plan to check patients' identification cards to ensure that patients are using their own Medicare or insurance cards. In a Feb. 4 letter to the American Medical Association, the FTC noted that requesting a photo ID at patient visits is "consistent with the objectives of the Red Flags Rule." Good idea: "It is our recommendation to American Medical Billing Association members to have their providers check a photo ID for each encounter," suggests AMBA's Cyndee Weston. Why it's important: Recently a Long Island medical office employee was charged with stealing patients' identities from medical files and using the information to go on a spending spree. The case of the Long Island woman should be a reminder that providers should include employee background checks in their Red Flags program, says Barbara J. Cobuzzi, senior coder and auditor for The Coding Network, and president of CRN Healthcare Solutions. Follow Through With Your Red Flags Rule Plan You may be on the ball and have implemented a Red Flags program at your home care organization already, but do you know what to do if you identify an issue? You should not only determine how you'll identify red flags, but also create steps to deal with any that arise. For instance: If you decide to check patients' ID cards for visits, your employees should be on the lookout for discrepancies. "We've identified the following as a red flag regarding patient IDs," Weston says: "A photograph or physical description contained on the identification presented is not consistent with the appearance of the person presenting the ID or there are obvious differences between the age, gender, or ethnicity." If there is a breach, providers should be asking some vital questions, Weston advises. (See box,p. 102, for questions). But remember that you don't have to implement a program that's out of proportion to your organization. "FTC is flexible about the design and implementation of a program," NAHC points out. "It should be appropriate to the size and complexity of the entity and the nature of its operations." Worth The Hassle Don't be daunted: Some patients may balk at your tighter patient identity protocols, but you should remind them that your goal is to ensure that no one else is using their identity to get medical care. "Medical identity theft is not just financial theft but also affects the patient's medical records,blood type, diagnoses, etc., and the resolution of that information can take a long time," says Cobuzzi."Lack of identification of this theft can lead to medical crisis or even death -- for example, being given the wrong blood type because the medical records carry the thief's blood type." Be aware: Identity theft isn't just a rare occurrence in the medical field. "The FTC conducted a survey and found that 4.5 percent of the 8.4 million victims of identity theft in 2007 were related to medical services," Weston says. "My statistics show that in 2007, identity theft cost $49.3 billion, the mean per fraud victim cost was $5,720 and it took an average of 25 hours to resolve issues related to the theft," Weston says. "Only 15 percent of victims find out due to a proactive action taken by a business and 85 percent find out in a negative manner." Note: To read the FTC's Red Flags Rule advice for health care providers, go to www.ftc.gov/bcp/edu/pubs/articles/art11.shtm.