Health Information Management

Federal 'red flag' identity theft rule takes effect

HIM-HIPAA Insider, October 6, 2008

Effective November 1, hospitals must have a plan to detect, mitigate, and prevent red flags that signal potential identity theft. This is a requirement under the Identity Theft Red Flags and Address Discrepancies Under the Fair and Accurate Credit Transactions Act of 2003 (final rule).
 
The rule applies primarily to financial institutions and other lenders, but many healthcare providers are also subject to its provisions. The rule does not specifically reference hospitals, but it does suggest that they may fit the legislation’s extremely broad definition of “creditor” because they permit deferred payment of certain ongoing accounts.
 
Essentially, providers become “creditors” when they establish payment plan. Supplementary information published with the rule states that:
Creditors in the healthcare field may be at risk of medical identity theft (i.e., identity theft for the purpose of obtaining medical services) and, therefore, must identify Red Flags that reflect this risk.
Examples of red flags could include, but are not limited to, any of the following:
  • A discrepancy between an individual’s address on their insurance policy and their driver’s license
  • A driver’s license photograph or other photo ID that doesn’t resemble the individual presenting it
  • A P.O. box or mail drop instead of a street address
  • A telephone number for a pager or answering service
To view the red flag rule, which was published in the November 9, 2007 Federal Register, visit http://edocket.access.gpo.gov/2007/pdf/07-5453.pdf. For illustrative examples that hospitals can use when developing an identity theft prevention program, refer to Supplement A to Appendix J of the rule.
 
Also refer to the World Privacy Forum Web site to view its latest report titled “Red Flag and Address Discrepancy Requirements: Suggestions for Health Care Providers,” released September 24. To view the report, click here.

Comments

0 comments on “Federal 'red flag' identity theft rule takes effect

 

Most Popular