Home Health & Hospice Week

Compliance:

FOLLOW THESE 4 TIPS TO STEER CLEAR OF FTC RED FLAGS SANCTIONS

Documentation of your red flags plan is key.

You've got just two months to implement your red flags program required of many health care providers by the Federal Trade Commission (see related story, p. 77).

Use these tips from Barbara Colburn, director of operations for a billing service in Wisconsin, and president of Total Health Care Solutions, a healthcare consulting firm, to make sure you're in compliance by the May 1 deadline:

1. Identify what the program is and who is affected. Your plan should outline why staffers need to know about the red flags rule, and name all of the covered entities.

2. Identify 'red flags.' Make a list letting your staff know what they should be looking for regarding identity theft. For instance, they'll want to be on the lookout for potentially forged documents or an identificationdocument with a photo, name, or age that doesn't appear to match the information on the patient's insurance card.

Or the patient may give you his insurance information but is never able to produce his actual insurance card.

3. Take action. Your red flags program must list the steps that your employees should take if they detect a red flag event.

For instance, if you have a privacy officer on staff, you might have staffers report a breach to that officer first. Or, you might have them enter the information in the red flags database first -- the important thing is that you establish a process so you can alert the board of directors of how you'll handle the breach.

In some cases, you might quickly contact the patient; in other instances, you may feel the need to notify law enforcement immediately -- your red flags plan should cover all of the possible responses to a red flags breach.

4. Head off breaches. Your red flags plan should outline how you can prevent identity theft in your company.

Note: To read the FTC's advice about the rule, visit www.ftc.gov/bcp/edu/pubs/articles/art11.shtm.