Revenue Cycle

Facilities must be prepared for identity theft

Patient Access Weekly Advisor, October 15, 2008

Effective November 1, hospitals must have a plan in place to detect, mitigate, and prevent red flags that signal potential identity theft, according to the Identity Theft Red Flags and Address Discrepancies Under the Fair and Accurate Credit Transactions Act of 2003 (final rule).

There was confusion over whether the rule, which is primarily geared toward financial institutions and other lenders, also applied to healthcare providers. However, although the rule doesn’t specifically reference hospitals, it does imply that they may fit the legislation’s extremely broad definition of "creditor" because they permit a deferred payment of certain ongoing accounts.

Essentially, providers become "creditors" when they establish payment plan. Supplementary information published with the rule states the following: Creditors in the healthcare field may be at risk of medical identity theft (i.e., identity theft for the purpose of obtaining medical services) and, therefore, must identify red flags that reflect this risk.

Examples of red flags could include, but are not limited to, any of the following:

  • A mismatch between an individual’s address according to his insurance policy and what appears on his driver’s license
  • A photograph on a driver’s license or other ID that doesn’t match the individual presenting it
  • An address provided that is a P.O. box or mail drop
  • The telephone number provided is for a pager or answering service

To view the red flag rule, which was published in the November 9, 2007 Federal Register, visit this government Web site. For illustrative examples that hospitals can use when developing an identity theft prevention program, refer to Supplement A to Appendix J of the rule. Also refer to the World Privacy Forum Web site to view its latest report titled "Red Flag and Address Discrepancy Requirements: Suggestions for Health Care Providers," released September 24.

Click here to view the report.


0 comments on “Facilities must be prepared for identity theft


Most Popular