FTC Red Flag Rules: What Are They And What Do I Have To Do?

Members should be aware; the FTC has developed Red Flag Rules which require “creditors” – including health care providers -- to conduct a risk assessment to determine if they have accounts at risk for identity theft. These rules went into effect in November, 2008 with an implementation date of May 1, 2009. The AMA disputed the FTC’s inclusion of health care providers as creditors, but the FTC determined that health care providers do fall within the ambit of the rules. According to the Equal Credit Opportunity Act, a “creditor” is “any person who regularly extends, renews or continues credit.” “Credit” is defined as a “deferment of payment for goods or services rendered.” For health care providers, this means every time you submit a health insurance claim to an insurance carrier first, and then bill the patient for co-payments or deductibles after services are rendered you are deferring payment and thus are acting as a “creditor.” Medical identity theft occurs when an individual seeks care using the name or insurance information of another person. This can result if false billing and potentially life-threatening corruption of a patient’s medical records. The bottom line comes in assessing risk in your practice of possible identity theft. The FTC requires that office practice’s have written policies in place – an “Identity Theft Prevention Program” -- and a plan to “prevent and mitigate” the effects of identity theft. If you have a small practice in which all your patients are known to you or your staff, you are at lesser risk and may only need an initial copy of a state issued photo ID that is checked at each visit to ensure that the patient is who he/she says she is. There is greater risk in a large multi-doctor office or facility. It would also be required to have a procedure in place in the event that you are notified by a state or local agency that the consumer’s identity has been misused. In order to assist the membership with implementation of the Red Flag Rules, the NYSCA has put together a “Model Identity Theft Prevention Program” for members. In addition to all the information and contacts you would need in case of identity theft, this includes a “turn key” manual that only requires you to fill in your office information. They do require you to have a meeting to explain the new procedures to your staff. Everything else is done for you. Many groups are selling packages for $100 or more; as a member benefit, the Red Flag Rules package can be downloaded from the NYSCA website free-of-charge. Download your copy, fill in the information and be in-compliance by the May 1, 2009 deadline. Membership has its privileges. Sincerely, Mariangela Penna, DC President, New York State Chiropractic Association GO TO MEMBERS ONLY TO VIEW THE “Model Identity Theft Prevention Program” by clicking on the link below: