Part B Insider (Multispecialty) Coding Alert

Determine whether your practice is a 'creditor,' and make up your plan accordingly.

After a year's worth of extensions of the Red Flags Rule, some medical practices may have tucked the new privacy rules into the backs of their minds. But it's time to buckle down and ensure that your plan is in place, because the rule finally will take effect on Nov. 1.

What is it? Under the Red Flags Rule, "certain businesses and organizations -- including many doctor's offices, hospitals, and other health care providers -- are required to spot and heed the red flags that often can be the telltale signs of identity theft," according to an article on the Federal Trade Commission's Web site. "To comply with the new Red Flags Rule ... you may need to develop a written 'red flags program' to prevent, detect,and minimize the damage from identity theft."

Who is affected? According to the FTC, the rule applies to businesses that qualify as "creditors" or "financial institutions." But don't take a sigh of relief just yet -- the rule probably does apply to you.

"Health care providers are creditors if they bill consumers after their services are completed," the FTC Web site says. "Health care providers that accept insurance are considered creditors if the consumer ultimately is responsible for the medical fees. However, simply accepting credit cards as a form of payment does not make you a creditor under the rule."

How can you prepare? You should institute a red flags program in your practice, which you'll need to revisit at least annually and more often as needed.

The rule requires you to develop and implement a written program to detect and respond to the red flags of identity theft, the FTC's Web site says. "If you aren't considered a 'creditor' according to FTC standards, you still need to conduct periodic assessments to determine whether you acquire any accounts that subsequently make you considered a creditor," says Allison Larro, Esq., an Atlanta-based attorney.