Test your identity theft prevention skills with these questions. Even though the Red Flags Rule enforcement did not go into effect on June 1 as anticipated, you should still be up to speed on protecting your patients (and your office staff) from identity theft. Practices should be doing what they can to put Red Flags Rule into practice as soon as possible for this protection and not wait for the enforcement date. Take this quiz to find out if you'll be ready when the rule goes into effect later this year. Answer These 3 Red Flags Rule Questions Question 1: Question 2: Question 3: Red Flags Rule Will Affect Every Medical Office Answer 1: An article on the Federal Trade Commission's (FTC's) Web site says that "certain businesses and organizations -- including many doctor's offices, hospitals, and other health care providers -- are required to spot and heed the red flags that often can be the telltale signs of identity theft." How it affects you: Your practice is, therefore, a creditor. That means you need to have a policy in place to identify related incidents of potential identity theft, says Jean Acevedo, LHRM, CPC, CHC, CENTC, president of Acevedo Consulting Incorporated in Delray Beach, Fla. The Red Flags Rule requires you to develop a program within your practice that addresses identity theft prevention techniques, as well as tools to detect and deal with any identity theft incidents that may occur in your office. These rules include policies and procedures as well as personnel training in the use of these policies and procedures. HIPAA Compliance Does Not Equal Red Flags Compliance Answer 2: 1. Encourage your senior staff, board of directors, and managers to create a culture of security, Acevedo says. Part of this process should be selecting an identity theft security officer in your practice. Although this does not have to be the same as your privacy officer, it is often the same person as the privacy officer, particularly in smaller practices. 2. Perform a gap analysis of how identifying information is passed and used within your practice, including all verbal, written, and electronic transfers of information. Since your practice should have done this same sort of analysis for HIPAA compliance, "as long as the infrastructure of the practice has not changed too much, practices can revisit the gap analysis they did for HIPAA, update that to remain HIPAA compliant, and then add identity theft," says Ester Horowitz, CMC, CITRMS, certified management counselor and owner/practice marketing advisor with M2Power Inc. in Merrick, N.Y. 3. Educate your employees in the areas of identity theft. "Eighty percent of identity theft has nothing to do with credit cards and credit reports," Horowitz says. Make sure your entire staff understands the impact, that "medical identity theft ... wreaks financial havoc on all parties involved," Horowitz adds. 4. Contact your practice's business associates and vendors to confirm that they are also complying with the Red Flags Rule. Don't Be Fooled by Delay in Rule Implementation Answer 3: Consequences: