Red Flags Rule Facts For Physicians
Since the Federal Trade Commission (FTC) first issued the set of regulations referred to as “Red Flags Rule” in November 2007, there has been a controversy regarding application of the Rule to physicians and medical billing services. At the end of May 2010, the American Medical Association successfully obtained yet another delay from the FTC regarding the Red Flags Rule until December 31, 2010.
The AMA continues to work to convince the FTC that physicians should be exempt from the rule. It should be noted AMA has held this position for the past two years. The Rule applies to an institution which operates as a “creditor”. It has been FTC’s stand that physicians fall into the creditor status because they provide services on credit awaiting insurance payment or in some instances enters into payment arrangements with patients for their medical billing services.
What is the Red Flags Rule all about?
The rule is being put in place as protection from identity theft. Identity theft is a person’s use of another’s personal identification such as name, Social Security, credit card number, or insurance information.
Medical identity theft presents a real problem in the medical community. This type of theft can result in false claims being processed by medical billing companies and physicians when a patient uses another person’s insurance card and coverage. Erroneous documentation can be made in the chart of a medical identity theft victim.
The FTC has identified the following to be red flags:
• Consumer reporting agency notifications, warnings and alerts
• Documents that are suspicious, addresses that are inconsistent, and missing social security numbers
• Suspicious activity for a patient account or use of a patient account that is unusual
• Receiving information regarding potential identity theft from patients, identity theft victims, or authorities of law enforcement.
What should a physician and medical billing companies do to comply with the Rule by next year?
The Red Flags Rule requires that reasonable policies and procedures be put in place for identification, detection and provide a response to the red flags of identity theft. Reasonable is a fairly loose term with definition dependent upon specifics of the medical entity. The Red Flags Program for your practice or medical billing services should be reviewed and updated at minimum on an annual basis.
The Red Flags Rule policies and procedures should be developed to complement policies and procedures already in place for HIPAA privacy and security of personal health information (PHI) for patients.
The American Medical Association, Medical Group Management Association and various other medical group organizations have resources available to provide assistance in assuring compliance with the Rule.
Yes, it is possible the AMA may be successful in attempts to have physicians excluded from the Rule but for safe practice the medical community including medical billing services should be prepared with a Red Flag Program in place before the end of the year. Failure to have the necessary policies and procedures in place by December 31, 2010 could result in up to a $2,500 penalty for each “knowing violation”.
©PGM Billing
medical billing services, medical billing companies