HIPAA: HIPAA privacy regulations are for protecting a patient's private data or personal health information (PHI), including, but not limited to, medical records and credit information. You are responsible for ensuring that any private data your office has about a patient does not get released to anyone inappropriately. Red Flags Rule: The Red Flags Rule deals with identity theft. You need to have procedures in place to identify that a patient who comes to your office is really who she says she is. The identity theft occurs outside of your practice, but you need to make an effort to determine every patient who comes to your office is who she says she is. Your practice needs to take affirmative action to make all attempts to the best of your ability to recognize anyone who may have stolen your patients- or employees- identities. Warning: Red Flags for identity theft may crossover with those related to prevention of theft for PHI, and thus the two concepts, though distinct, do overlap.