Health Information Management

Ensure red flag compliance before August 1

HIM-HIPAA Insider, July 14, 2009


The Federal Trade Commission (FTC) developed the Red Flags Rule pursuant to the Fair and Accurate Credit Transactions Act of 2003. Under the rule, financial institutions and creditors with covered accounts must have identity theft prevention programs to identify, detect, and respond to patterns, practices, or specific activities that could indicate identity theft. The deadline for compliance? August 1, 2009.

John C. Parmigiani, HIPAA security and privacy consultant and president of John C. Parmigiani & Associates, LLC, in Ellicott City, MD, provides the following tips to help ensure compliance:

  • Conduct an organizational audit
  • Identify potential problems associated with your unique organization
  • Allow sufficient time to conduct a thorough investigation

In addition, providers should develop a theft prevention program; this is an FTC requirement, and it is necessary to track every account on your books. The amount someone pays is irrelevant, even if it’s only a dollar per week, says Parmigiani. The written program must:

  • Identify potential red flags that exist within your institution
  • Help detect red flags when they occur in real time
  • Detail how you will respond to incidents of attempted identity theft (i.e., how you will either prevent the incident or mitigate damages if you are unable to do so)

Editor’s note: This tip was adapted from the July issue of Health Information Compliance Insider.


