The Red Flags Rule and Your Practice

January 21, 2009

aap

I was going to write about the 99174 (tomorrow!), but Katy @ PCC wrote this great piece and I thought I’d share it. It’s a message we sent to our clients (aren’t we sweet?).

The Red Flags Rule and Your PracticeRecently, we’ve been hearing some questions about the Federal Trade Commission’s privacy and security requirements, called the “Red Flags Rule,” and how it may affect your practice. We have put together a summary of information about these new requirements with links to more information to help your practice learn about the issue and make informed decisions.

What is the Red Flags Rule?

Last year the Federal Trade Commission (FTC) introduced new privacy and security requirements for banks and creditors called the Red Flags Rule. The requirements are designed to help prevent identity theft. The Red Flags Rule states that financial institutions and creditors must develop and implement written identity theft prevention programs, as part of the Fair and Accurate Credit Transactions (FACT) Act of 2003.

When will enforcement begin?

The Red Flags Rule was first announced in January of 2008, and required that programs be in place by November 2008. A six month delay has been enacted, with the compliance date now set to May 1, 2009. Financial institutions and creditors are required to have these programs established and they must provide for the identification, detection, and response to patterns, practices, or specific activities- known as “red flags”-that could indicate identity theft.

Who must comply with the Red Flags Rule?

The Red Flags Rule pertains to financial institutions and creditors with “covered accounts.” The term creditor under the rules is defined as “any entity that regularly extends, renews, or continues credit; any entity that regularly arranges for the extension, renewal, or continuation of credit; or any assignee of an original creditor who is involved in the decision to extend, renew, or continue credit.”

The FTC has said that accepting credit cards as a form of payment does not in and of itself make an entity a creditor, but where an entity defers payment for goods or services, they are then considered to be creditors.

A “covered account” is defined by the FTC is an account used mostly for personal, family, or household purposes, and that involves multiple payments or transactions. Covered accounts include credit card accounts, mortgage loans, automobile loans, margin accounts, cell phone accounts, utility accounts, checking accounts, and savings accounts. A covered account is also an account for which there is a foreseeable risk of identity theft - for example, small business or sole proprietorship accounts.

So, are physicians considered “creditors”?

There have been a number of conflicting points of view as to whether or not a medical office is considered a creditor. The MGMA has joined the AAP and other medical organizations in responding to the FTC about this rule, saying that it does not seem appropriate to consider a medical office a “creditor.”

To our knowledge, the FTC has not yet responded to the MGMA’s position on this issue. What we’re seeing right now is articles appearing in various journals which are speculating as to what might happen.

What action, if any, should pediatricians take?

We encourage you to learn about the Red Flags Rule and make an informed decision for your practice. We have heard of several instances where customers are being approached by vendors selling services to address these rules. In some cases, the sales tactics are high-pressure and the solutions costly. We want pediatricians to be aware, before rushing out to purchase potentially costly services, that there is an active dispute as to whether the rule even applies to medical offices.

PCC agrees with the AAP and MGMA that it does not seem appropriate to consider a medical office a “creditor” and thus the Red Flags Rule should not apply to medical offices. We also agree that protecting against identity theft is very important. PCC has been in contact with health care lawyers and has read the Red Flags Rule, MGMA response, and other industry articles about this topic.
We believe identity theft concerns may be addressed by your existing HIPAA policies, which are designed to prevent the theft, sale, or distribution, of protected health care information. The information covered by the Red Flag Rules is a subset of the protected healthcare information.

However, this may be a good opportunity to review your office’s policies to make sure you are in compliance with all aspects of HIPAA–Privacy, Security, Transactions and Code Sets, and National Provider Identifier Standards. PCC can help you achieve compliance with our collection of sample policies and forms. You can also refer to our selection of helpful HIPAA resources to learn more about the standard requirements.

Web Resources:
http://www.ftc.gov/opa/2007/10/redflag.shtm
http://www.ftc.gov/bcp/edu/pubs/business/alerts/alt050.shtm
http://www.mgma.com/policy/default.aspx?id=22230

0 Comments

Chip's Next Appearance

11/10/23

Pediatric CEO Intensive

Do you own your practice or does your practice own you?
You own and run a super busy pediatric practice but you know you haven’t reached your maximum potential. You know you need to invest in yourself so you can continue to grow your practice and as a professional. You own a multimillion dollar business, after all.

Enter Pediatric CEO Intensive.

We’ve done the work for you to bring all the best business minds together at this first-of-its-kind event to help you level up your frame of mind. Instead of spending tens of thousands of dollars and countless hours chasing down the solutions, we’ve assembled exactly what you need in one perfect weekend…

Register Here
05/10/23

Children's Community Physicians Association Annual Meeting

Off to Chicago to have a blast with Heidi from PedsOne and that goofball I used to do a podcast with, Brandon Betancourt.

Register Here
05/23/23

AL AAP 2023 Spring Meeting & Fall Pediatric Update

Alabama Chapter-AAP members and other pediatric healthcare providers, join the Chapter for its signature event, the Spring Meeting & Pediatric Update! In 2023, we are delighted to host pediatricians from throughout the state and region once again at The Lodge at Gulf State Park in Gulf Shores, AL, this time on Memorial Day weekend!

Register Here
04/17/23

FCAAP Forum Series

The 2023 series will offer four focus areas over the course of the year: Practice Culture, Immunizations, Professional Development, and Advocacy. Speakers for the series include Dr. Brandon Chatani, Dr. Sandy Chung, Dr. Nola Ernest, Dr. Shannon Fox-Levine, Mr. Chip Hart, Dr. Akshata Hopkins, Dr. Joanna Perdomo, Dr. Toni Richards-Rowley, Mr. Tim Rushford, Dr. Katie Schafer, Dr. Robin Warner, Dr. Melinda Williams-Willingham, and Dr. Mariam Zeini.

Register Here
09/01/23

The Future of Pediatric Practice 2023

The Future of Pediatric Practice (FPP) is the annual conference of the Florida Chapter of American Academy of Pediatrics. Hosted over Labor Day weekend each year, the conference attracts pediatric health care professionals from around the state of Florida and across the country. This will be my 10th year presenting!

Register Here
10/20/23

AAP National Conference

Mark your calendars for the 2023 AAP National Conference & Exhibition, October 20-24, in Washington, DC. Don’t miss out on this opportunity to connect with colleagues, engage in thought-provoking education sessions, and visit the world’s largest pediatric exhibit hall.

I'll have 2 or 3 presentations, including what should be another fascinating Section H lineup about insurance negotiation.

Register Here

The Red Flags Rule and Your Practice

Comments

Subscribe to Chip's Blog