Obama signs Red Flags bill
HIPAA Weekly Advisor, December 27, 2010
Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!
President Obama signed the bill December 18 that changes the Red Flags Rule's definition of "creditor" and relieves some physicians of having to comply with the Federal Trade Commission's identity theft prevention law.
Earlier in the month, the House and Senate passed the bill officially titled "Red Flag Program Clarification Act of 2010."
The Red Flags Rule becomes enforceable December 31. The FTC said earlier this year on its website that it delayed enforcement at the request of Congress as it "considers legislation that would affect the scope of entities covered by the rule." Compliance date was November 1, 2008.
Red Flags calls for "creditors" to establish a program to protect patients from medical identity theft. As a result of the changed definition, smaller entities such as physician practices and physicians’ offices have long argued that they should be not be required to comply. Some even filed lawsuits.
Jeff Drummond, health law partner in the Dallas office of Jackson Walker LLP, says the law doesn't actually "remove physicians from the Red Flags Rule." It clarifies in a reasonable way, he says, what a "creditor" is.
"I think the FTC went way overboard with their definition of 'creditor' including anyone who takes payment after providing the service," Drummond says. "Taken to its logical extreme, McDonald's and Burger King are not creditors, but Chili's is. So, it's a good change to rein in an overbroad regulatory agency."
Some physicians will still be creditors; plastic surgeons and LASIK surgeons, for example, if they take payments over time from their patients.
Drummond adds it's not difficult to establish an identity theft prevention program, as the Red Flags Rule requires, because physicians must have HIPAA programs in place anyway.
"It's just good practice, and good customer service, to have an ID theft prevention program in place," Drummond says. "So, even if you don't have to, you ought to."
Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!
Related Products
Most Popular
- Articles
-
- Q/A: Volume requirement for reporting hydration services
- Featured blog post: Nurses face felony charges after reporting physician to the Texas Medical Board
- Catch up on what's new with injections and infusions
- Topic: CMS, OESS post new security compliance review information, checklist
- Capturing all necessary codes for IUD insertion and removal can be challenging
- HIPAA Q&A: Level of encryption needed for email
- What does case-mix index mean to you?
- Identify potential Medicaid RAC target areas
- QA:Coding multiple initial infusions
- OB services: Coding inside and outside of the package
- E-mailed
-
- Q/A: Volume requirement for reporting hydration services
- Featured blog post: Nurses face felony charges after reporting physician to the Texas Medical Board
- HIPAA Q&A: Level of encryption needed for email
- Q&A: Follow CMS' coding guidelines when using modifier -25
- CMS has reformulated payments for some bilateral procedures
- Catch up on what's new with injections and infusions
- New conflicts of interest create new challenges
- Q/A. One injection code or two?
- What does case-mix index mean to you?
- ED-to-inpatient transfers are flawed with safety gaps
- Searched