Corporate Compliance

Tip: Develop an identity theft prevention program

Compliance Monitor, March 11, 2009

Medical identity theft is an ugly reality for healthcare organizations, patients, and payers. It’s only going to get worse if providers don’t have an effective theft prevention program, a specific requirement of the Federal Trade Commission’s (FTC) Red Flags Rule, which has a compliance deadline of May 1.

When developing an identity theft prevention program, John C. Parmigiani, HIPAA security and privacy consultant and president of John C. Parmigiani & Associates, LLC, in Ellicott City, MD, suggests you include all credit accounts in the program’s scope, not just large balance accounts.

The written program must fulfill the following criteria:
  • Identify potential red flags within your institution
  • Help you detect red flags in real time
  • Detail how you are going to respond to identity theft attempts (i.e., how you can stop theft attempts or how you will mitigate the damage after the fact)

To put this program together, include representatives from risk management, security, privacy, IT, and registration, among others, says Kate Borten, CISSP, CISM, president of The Marblehead Group in Marblehead, MA.

This tip was adapted from the article “Mark it down: Red flags rule compliance deadline is May 1,” which appears in the April 2009 issue of HCPro’s monthly newsletter Health Information Compliance Insider. To learn more about this newsletter and how to subscribe, visit the HCMarketplace.
