Test your staffers' savvy with these 5 scenarios. Your Red Flags Rule extension is almost up, meaning your agency must be prepared to stop identity theft in its tracks -- or face Federal Trade Commission scrutiny. Originally slated for May 1, the final compliance deadline for the Red Flags Rule is less than two weeks away. And while "complying with this rule is not going to be burdensome," you do need to make sure your aides are on the lookout for foul play, stresses Robert Markette with Gilliland & Markette in Indianapolis. Here's how: Give staff members the five scenarios described below. Ask them to point out where the red flags are and how they should respond to them, then share our expert's answers. Scenario #1: You meet with a new homebound client. She is elderly and has not driven a car in years; therefore she has no recent picture identification. You ask for a form of ID, and she hands you her driver's license from years back. What do you do? Answer: Ask for "multiple, separate points of identification," Markette suggests. While a recent photo ID is your best defense against identity theft, it isn't your only one. For instance, in this scenario, you could ask for a birth certificate or Social Security card along with a recent utility bill as proof that the person is who she claims she is. Scenario #2: During your patient's assessment, he shares medical history information that conflicts with what's in your referral or what you documented from a previous episode. What do you do? Answer: Verify the patient's identity and do some research, Markette advises. Your first step is to ask the patient to present his identification materials again in case something slipped past you the first time. For instance, perhaps he offered a Social Security number but didn't have his card in hand (huge red flag, Markette notes) or he only offered a driver's license without any back-up materials. Next step: Even if your patient provided some back-up identity information, you should check with the referring provider or previous agencies to figure out why there's a discrepancy between his verbal testimony and what's written in his file. Scenario #3: You receive additional medical information for a new client from the referring provider or previous agency, but it doesn't match up with the assessment you just performed. What do you do? Answer: Confer with the referring provider to determine why the information doesn't match up, Markette says. There are two likely reasons for the conflicting information -- either the provider who referred the patient to you served an identity thief, or you're serving one now. Put your heads together to determine which person is the patient and which is the identity thief. Scenario #4: You have been working with a client for several weeks. Today she calls to complain that she has received a bill or Explanation of Benefits (EOB) for care that she never received or that the bill was sent to her address, but she doesn't recognize the name. What do you do? Answer: Carefully explain the bill or EOB to the caller so that she knows exactly what she's looking at and why. Her reaction could be a simple case of confusion -- or she could be the victim of identity theft. Once you rule out confusion, you must launch an investigation into who received the services and how they slipped past theft-prevention measures or strategies. Example: A hospital in Colorado recently realized that an identity thief used another person's name and medical information to obtain a surgery he didn't want to pay for. The scam was discovered when the wronged party called the hospital to complain about the incorrect billing, Markette explains. Scenario #5: You ask your patient for separate pieces of identifying information and she provides them -- but something about them looks "off" to you. What do you do? Answer: Trust your instincts, Markette urges. If the identification your patient presents looks fake, then it probably is. You should immediately follow the procedures your agency has outlined for dealing with an identity thief. Next step: If you determine that your patient is an identity thief or has been the victim of one, you must immediately kick off your mitigation policies and procedures, Markette says. This will include notifying the patient so that he can clean up his medical record and protect it from future theft, he adds. Resources: Brush up on the Red Flags Rule at www2.ftc.gov/redflagsrule.