Federal 'red flag' identity theft rule takes effect
HIPAA Weekly Advisor, October 6, 2008
Effective November 1, hospitals must have a plan to detect, mitigate, and prevent red flags that signal potential identity theft. This is a requirement under the Identity Theft Red Flags and Address Discrepancies Under the Fair and Accurate Credit Transactions Act of 2003 (final rule).
The rule applies primarily to financial institutions and other lenders, but many healthcare providers are also subject to its provisions. The rule does not specifically reference hospitals, but it does suggest that they may fit the legislation’s extremely broad definition of “creditor” because they permit deferred payment of certain ongoing accounts.
Essentially, providers become “creditors” when they establish a payment plan. Supplementary information published with the rule states that:
Creditors in the healthcare field may be at risk of medical identity theft (i.e., identity theft for the purpose of obtaining medical services) and, therefore, must identify Red Flags that reflect this risk.
Examples of red flags could include, but are not limited to, any of the following:
- A discrepancy between an individual’s address on their insurance policy and their driver’s license
- A driver’s license photograph or other photo ID that doesn’t resemble the individual presenting it
- A P.O. box or mail drop instead of a street address
- A telephone number for a pager or answering service
To view the red flag rule, which was published in the November 9, 2007 Federal Register, visit http://edocket.access.gpo.gov/2007/pdf/07-5453.pdf. For illustrative examples that hospitals can use when developing an identity theft prevention program, refer to Supplement A to Appendix J of the rule.
Also refer to the World Privacy Forum Web site to view its latest report titled “Red Flag and Address Discrepancy Requirements: Suggestions for Health Care Providers,” released September 24.