Ensure your practice is ready by May 1 with a top-notch plan. Youve got less than a month to implement your Red Flags Rule program, but dont stress too much. Take a look at these tips, courtesy of Barbara Colburn, director of operations for a billing service in Wisconsin, and president of Total Health Care Solutions, a healthcare consulting firm, and set up your program with ease. 1. Identify what the program is and who is affected. Your plan should outline why the practice members need to know about the Red Flags Rule and name all of the covered entities (offsite facilities, labs, clinics, etc.) 2. Identify red flags. Make a list letting your staff know what they should be looking for regarding identity theft. For instance, theyll want to be on the lookout for potentially forged documents or an identification document with a photo, name, or age that doesnt appear to match the information on their insurance card. In some cases, Colburn says, you may notice that several patients list the same phone number, address, or Social Security number. Thats something you should investigate. Or, the patient may refuse to fill out identifying information on his new patient registration form. In other cases, the patient may give you his insurance information but is never able to produce the insurance card. 3. Keep billing in mind. Not all red flags will occur while the patient is present --some may crop up later. For example: You submit bills or other mail to a patient and you notice that the mail is repeatedly returned as undeliverable, although transactions continue to occur in connection with the patients account. 4. Look for victims, too. In addition to watching out for perpetrators of identity theft, you should also be on the lookout for victims, Colburn advises. For instance: Someone might complain about a collection notice from your practice even though shes never been there. Or, she might find shes reached her cap on her benefits, even though she hasnt seen the doctor all year. 5. Take action. Your program must list the steps that your employees should take if they detect a red flag event. For example, if your practice has a privacy officer on staff, you might have the staffers report the breach to that officer first. Or, you might have them enter the information in the red flag database first -- the important thing is that you establish a process so you can alert the board of directors to how youll handle the breach. In some cases, you might quickly contact the patient; in other instances, you may feel the need to notify law enforcement immediately -- your red flag plan should cover all of the possible responses to a red flag breach. 6. Head off breaches. Your red flag plan should outline how you can prevent identity theft in your practice. For instance, you might institute a policy of scanning a copy of the patients photo ID on each visit, Colburn suggests. Important: Dont refuse care or delay treatment for any reason for patients in emergency situations just because theyve forgotten their ID.