Up until now, most consumer fraud has been associated with financial services. However, as banks tighten up their ID theft prevention efforts, we are now beginning to see a swing towards the very lucrative healthcare space, where fraud processes aren't nearly as well established yet.
Therefore, in order to prevent the already rising "Medical Identity Theft", the Federal Trade Commission (FTC) has determined that healthcare organizations that accept insurance or provide payment plans to their patients will be considered creditors subject to the Red Flags Rule requirements.
The Red Flags Rule requires creditors to have identity theft prevention programs to identify, detect, and respond to patterns, practices, or specific activities that could indicate identity theft. Information including Protected Health Information (PHI), social security numbers, credit card info, claims data and other sensitive information is covered by the rule.
According to the FTC, the Red Flags Rule requires a written program that identifies and detects the relevant warning signs - or "red flags" - of identity theft. These may include, for example, unusual account activity, fraud alerts on a consumer report, or attempted use of suspicious account application documents. The program must also describe appropriate responses that would prevent and mitigate the crime and detail a plan to update the program. The program must be managed by the Executive Boards or managing employees and it must include appropriate staff training.
Every medical practice should already be in compliance with the requirements of the Red Flags Rule, and if you're not, don't wait until the last minute...
The new Red Flags Rule regarding identity theft was originally scheduled to go into effect May 1st, 2009, but it has been extended to August 1st, 2009.
For additional questions, or guidance, feel free to call our office at (973) 291-8441.