Ensure your practice is ready by May 1 with a top-notch plan. You-ve got less than two months to implement your Red Flags Rule program, but don't stress too much. Take a look at these tips, courtesy of Barbara Colburn, director of operations for a medium-sized billing service in Wisconsin, and president of Total Health Care Solutions, a healthcare consulting firm, and set up your program with ease. 1. Identify what the program is and who is affected. Your plan should outline why the practice members need to know about the Red Flags Rule and name all of the covered entities (offsite facilities, labs, clinics, etc.) 2. Identify -red flags.- Make a list letting your staff know what they should be looking for regarding identity theft. For instance, they-ll want to be on the lookout for potentially forged documents or an identification document with a photo, name, or age that doesn't appear to match the information on their insurance card. In some cases, Colburn says, you may notice that several patients list the same phone number, address, or social security number. That's something you should investigate. Or, the patient may refuse to fill out identifying information on his new patient registration form. In other cases, the patient may give you his insurance information but is never able to produce the insurance card. 3. Keep billing in mind. Not all red flags will occur while the patient is present -- some may crop up after the fact. For example: You submit bills or other mail to a patient and you notice that the mail is repeatedly returned as undeliverable, although transactions continue to occur in connection with the patient's account. 4. Look for victims, too. In addition to watching out for perpetrators of identity theft, you should also be on the lookout for victims, Colburn advises. For instance: Someone might complain about a collection notice from your practice even though she's never been there. Or, she might find she's reached her cap on her benefits, even though she hasn't seen the doctor all year. 5. Take action. Your program must list the steps that your employees should take if they detect a red flag event. For example, if your practice has a privacy officer on staff, you might have the staffers report the breach to that officer first. Or, you might have them enter the information in the red flag database first -- the important thing is that you establish a process so you can alert the board of directors to how you-ll handle the breach. In some cases, you might quickly contact the patient; in other instances, you may feel the need to notify law enforcement immediately -- your red flag plan should cover all of the possible responses to a red flag breach. 6. Head off breaches. Your red flag plan should outline how you can prevent identity theft in your practice. For instance, you might institute a policy of scanning a copy of the patient's photo ID on each visit, Colburn suggests. Important: Don't refuse care or delay treatment for any reason for patients in emergency situations just because they-ve forgotten their photo ID or other identifying document.