Corporate Compliance

Tip: Steps for Red Flags Rule compliance

Compliance Monitor, July 15, 2009

John C. Parmigiani, HIPAA security and privacy consultant and president of John C. Parmigiani & Associates, LLC, in Ellicott City, MD, suggests several steps to help providers become compliant by August 1.
First, conduct an organizational audit. Identify potential problems associated with your unique organization. Be sure to allow sufficient time to conduct a thorough investigation. Then develop a theft prevention program; this is an FTC requirement and necessary to track every account on your books. The amount someone pays is irrelevant—even if it’s only a dollar per week, says Parmigiani.
The written program must:
  • Identify potential red flags that exist within your institution
  • Help detect red flags when they occur in real time
  • Detail how you will respond to incidents of attempted identity theft (i.e., how you can either prevent the incident or how you will mitigate damages if you are unable to do so)
These steps are also important to maintain good business standards, says Parmigiani.
This tip was adapted from the article “Compliance update: FTC moves Red Flags Rule compliance deadline to August 1,” which appears in the April 2009 issue of HCPro’s monthly newsletter Health Information Compliance Insider. To learn more about this newsletter or to subscribe, visit HCMarketplace.
