Red Flags that the World Privacy Forum recommends for health care providers are:
- A complaint or question from a patient based on the patient’s receipt of:
-a bill for another individual,
-a bill for a product or service that the patient denies receiving,
-a bill from a health care provider that the patient never patronized,
-a notice of insurance benefits (or Explanation of Benefits ) for health services never received. - Records showing medical treatment that is inconsistent with a physical examination or with a medical history as reported by the patient.
- A complaint or question from a patient about the receipt of a collection notice from a bill collector.
- A patient or insurance company report that coverage for legitimate hospital stays is denied because insurance benefits have been depleted or a lifetime cap has been reached.
- A complaint or question from a patient about information added to a credit report by a health care provider or insurer.
- A dispute of a bill by a patient who claims to be the victim of any type of identity theft.
- A patient who has an insurance number but never produces an insurance card or other physical documentation of insurance.
- A notice or inquiry from an insurance fraud investigator for a private insurance company or a law enforcement agency.
Health care providers – whether they are for-profit, non-profit or governmental entities – may have obligations under the FTC Red Flag rules. Medical identity theft – particularly involving insider access to data – is a real concern in the health care sector, and is included expressly in the Red Flag Rules Guidelines. Because most healthcare providers defer payment for services, they are considered creditors and are subject to the Red Flag Rules.
Attend our April 2009 Leadership Seminar to learn more about implementing these rules.
0 Responses to “Are you ready for the Red Flag Rules?”