The Red Flags Rule
You may have seen the recent headlines "FTC delays Red Flags Rule implementation until August 2009". What is the Red Flags Rule and how does it relate to healthcare?
The FTC has a great website that it explains it all in detail.
Basically, the FTC requires most clinical offices, hospitals, and other health care providers to develop a written program to spot the warning signs of identity theft - “red flags”
If a patient's name on a photo ID and on their insurance card do not match, that's a red flag.
If a patient visited last week as John Smith but today is Fred Jones, that's a red flag.
If patient seems to travel from provider to provider seeking numerous expensive treatments, that's a reg flag.
The law was initially designed to cover creditors and it seems odd for healthcare providers to be considered creditors. The FTC defines a creditor as anyone who enables the customer to carry a balance after services are rendered. Unless a clinician asks for payment upfront (all balances not covered by insurance), the clinician is a creditor.
The FTC will be begin enforcement August 1, 2009, so it's important to develop policies and procedures to address red flags in healthcare settings.
What is BIDMC doing?
We are actively working to develop procedures and an educational plan. We created an interdisciplinary group that includes IS, Compliance, Finance, Patient Financial Services, clinicians, Human Resources , Ambulatory Services, Health Information Management, and others to examine Red Flags, but also the broader issues of HITECH/ARRA privacy provisions, and new Massachusetts Data Protection regulations. First, we will finish our Red Flags program and implement it, then we will move on to working on the other issues. We have not finalized our specific policy, but have already reported to the Board of Directors and to senior leadership about the issues and the work we are doing. As soon as the policy is finalized, I will post it on my blog.
If you have not begun a program to address compliance with the Red Flag rule, now is the time!
John Halamka, MD, blogs regularly at Life As a Healthcare CIO.