Readying for the Red Flags Rule: It pays to be prepared

Mark F. Weiss
May 25, 2009

In order to give creditors, which by definition include many radiology groups and imaging facilities, more time to comply with its Red Flags Rule, the Federal Trade Commission (FTC) has announced that it will delay enforcement of the rule until August 1.

What is the Red Flags Rule?

2009 03 18 10 21 46 535 Weiss Mark 150
Healthcare business and legal affairs expert Mark F. Weiss.

The Red Flags Rule is federal regulation aimed at detecting identity theft through the identification by financial institutions and creditors of "red flags," or indicators of possible identity theft appropriate to the specific business relationship, so that action can be taken to expose actual instances of that crime, mitigate its damage, and prevent future occurrences.

Despite protest by the American Medical Association (AMA) and other groups that the federal statue pursuant to which the Red Flags Rule was issued was never meant to cover the patient-provider relationship -- and that, therefore, the rule is overbroad -- the FTC has not agreed with that position.

In announcing the extension of the enforcement date, the FTC acknowledged the debate concerning the scope of the rule and stated that it will release a template to help entities with a low risk of identity theft, including those that know their customers personally, comply with the law.

Why should radiologists and imaging facilities be concerned?

Radiologists and imaging facilities need to be concerned with the rule and compliance with it for several reasons.

First, the penalty for noncompliance could be as high as $2,500 for each "knowing violation." As it is likely that an entity's noncompliance would be global and not just limited to a single instance, it's conceivable that an entity liable for one penalty would be simultaneously liable for many penalties.

Second, there are other good reasons to comply with the rule besides the avoidance of penalties:

  • The rule operates as a logical component to patient privacy laws, including HIPAA, with which your practice already complies. HIPAA and other privacy laws are designed to keep a patient's healthcare information restricted to those who should be using it -- the Red Flags Rule operates to prevent a patient's healthcare information from being "polluted" with inapplicable data, the data of a third party who has assumed the patient's identity. In this light, the Red Flags Rule is another component of assuring data security and trustworthiness.
  • Unpolluted data not only benefits the "real" patient, in certain circumstances it can benefit your ability to interpret and diagnose. For example, it increases the chances that an image taken previously is really of the same individual.
  • Additionally, it increases the odds that you will not be conned into providing care that will not be reimbursed. For example, Ms. Jones' carrier will not pay for services delivered to Ms. Smith masquerading as Ms. Jones.

Is my practice required to comply with the rule?

The rule sets out a test to determine if you fall within its scope.

First, you must be a creditor, which, for medical practices or facilities, means that you regularly defer payment by your patients through accepting payment from their carrier or by allowing payment plans.

If you are a creditor, the rule applies only if you have accounts, which requires a continuing relationship with your patients. Although it might be conceivable that your practice has one-time patient encounters only, most if not all practices will have multiple transactions with some patients and will, therefore, fall subject to the rule.

The next step is to determine if your accounts are considered covered accounts. There are two tracks to covered account status. One is that the service underlying a multiple payment account relates to personal, as opposed to business, purposes; most healthcare services would be included within this track. The other track is that there is a reasonably foreseeable risk of harm (financial, operational, compliance, reputation, or litigation risk) to your customers or to your practice from identity theft.

We're covered, so now what?

If your practice or facility is covered by the rule, you are required to implement a written identity theft prevention program by August 1, 2009. The program must be approved by your entity's board of directors or like governing body or by senior management.

The first step in developing the program is to identity red flags of identity theft relevant to your operation. For example, red flags might include identification that is obviously forged or phony, a social security number outside of the date range of the patient's stated age, an address that turns out to be nonexistent or otherwise not valid, or receipt of a complaint from the person receiving your statement that he or she has never been a patient of your practice.

You have to design and implement procedures for identifying those red flags, both in respect of new patient accounts and existing ones. This includes staff training on implementing policies designed to discover incidents of red flags.

You also need a plan for how to react if a red flag is detected. Your plan might include steps such as informing the police and other authorities, notifying the victim of the identity theft, and assessing the injury to your practice and its medical records.

Finally, your identity theft prevention program must be overseen by your entity's board, senior management, or someone to whom that task is delegated. And, you need to make periodic assessments of how your plan is operating and of any changes to it that should be made.

The practical bottom line

From a practical perspective, it makes little or no sense to rely on the argument that the Red Flags Rule or the statute underlying it is overbroad and not meant to apply to healthcare providers.

Even if the FTC were to change its position on the applicability of the rule, it benefits radiologists and imaging facilities to adopt its practices to reduce the risk of creating medical data that pollute your medical records, and to increase the chances that you will be paid for your services.

Lastly, compliance is relatively easy, especially when considered as a complement to existing HIPAA policies and procedures.

By Mark F. Weiss
AuntMinnie.com contributing writer
May 26, 2009

Mark F. Weiss is an attorney who specializes in the business and legal issues affecting radiology and other physician groups. He holds an appointment as clinical assistant professor of anesthesiology at University of Southern California's Keck School of Medicine and practices nationally with the Advisory Law Group, a firm with offices in Los Angeles and Santa Barbara, CA. Mr. Weiss provides complimentary educational materials to our readers. Visit www.advisorylawgroup.com for his free newsletter. He can be reached by e-mail at [email protected].

Related Reading

The Profit Center: Part 2 -- Steering clear of Stark and false-claims violations, March 31, 2009

Copyright © 2009 Mark F. Weiss

Latest in Practice Management
Asrt Be Seen Campaign 2024
State of the RT profession more palpable than ever
April 24, 2024
Screenshot (1150)
Radiologists can take steps toward environmental sustainability
April 23, 2024
Register today for a FREE webinar May 8 at 12 Noon EDT
Sponsored
Register today for a FREE webinar May 8 at 12 Noon EDT
April 24, 2024
Asrt Be Seen Campaign 2024
What's brewing in RT and RRA legislation, policy, and standards?
April 22, 2024
Related Stories
2009 05 19 13 36 10 278 Thermography Thumb
Practice Management
Oregon case spotlights clinical validity of breast thermography
2009 05 13 13 35 26 321 Rt By Specialization
Careers
Radiologist salaries inched up in 2008, SalaryScan survey shows
2009 03 12 10 19 18 342 Profit Center
Practice Management
The Profit Center: Part 3 -- Crafting effective employment contracts
IMV’s Oncology in Diagnostic Imaging Market Outlook Report
Sponsor Content
IMV’s Oncology in Diagnostic Imaging Market Outlook Report
More in Practice Management
State of the RT profession more palpable than ever
By Liz Carey
As the ASRT prepares to announce changes to its professional-entry pathways and practice standards at its June meeting in Orlando, FL, Board President Brandon Smith said the state of the field is "more palpable than ever."
April 24, 2024
Asrt Be Seen Campaign 2024
Radiologists can take steps toward environmental sustainability
By Amerigo Allegretto
Radiology departments can take proactive steps to promote environmental sustainability.
April 23, 2024
Screenshot (1150)
Mobile health screening model lowers costs, promotes sustainability
By Amerigo Allegretto
A new cancer screening service model can reduce costs and improve environmental sustainability for breast cancer screening and other screening exams.
April 22, 2024
Breast Screening Van 400
What's brewing in RT and RRA legislation, policy, and standards?
By Liz Carey
A range of federal and state legislation and other developments in the works could have a significant impact on radiologic technologists (RTs) and registered radiology assistants (RRAs).
April 22, 2024
Asrt Be Seen Campaign 2024
Pisano speaks with AuntMinnie.com on new ARPA-H leadership role
By Amerigo Allegretto
Etta Pisano, MD, spoke with AuntMinnie.com on leading the Advancing Clinical Trials Readiness initiative, part of ARPA-H.
April 18, 2024
Screenshot (1143)
AdvaMed urges Congress prioritize R&D tax credit
By AuntMinnie.com staff writers
Medical technology trade association Advanced Medical Technology Association (AdvaMed) is urging Congress to pass a tax provision to change how small businesses deduct their research and development expenses.
April 17, 2024
Us Flag
ACR lays off 11% of workforce
By Kate Madden Yee
The American College of Radiology (ACR) has reduced its workforce by 11%, according to a statement released by the organization.
April 16, 2024
Acr Logo 2023 400
MICI Q2 2024: Radiology administrators remain optimistic about growth
By Kate Madden Yee
Radiology administrators are confident that diagnostic and interventional radiology will continue to grow as a profit center, according to The MarkeTech Group's Medical Imaging Confidence Index (MICI) report for the second quarter of 2024.
April 15, 2024
Graph Arrow Up
Radiologists experience modest pay increase
By Will Morton
Radiologist have jumped up a spot in earnings among the top 10 specialists in the U.S., according to a Medscape survey.
April 12, 2024
Cash
NIH: Occupational radiation dose to RTs needs careful monitoring
By Kate Madden Yee
Occupational doses to radiologic technologists imparted by assistance with fluoroscopically-guided interventional procedures are generally low, but they do need careful monitoring, a team of National Institute of Health (NIH) researchers has found.
April 12, 2024
Radiation Logo
UltraCon: Work-related MSK disorders tied to sonographer burnout
By Amerigo Allegretto
Work-related musculoskeletal (MSK) disorders are tied to work-related burnout among sonographers, according to research highlighted April 10 at UltraCon.
April 11, 2024
Jennifer Bagley from the University of Oklahoma Health Sciences Center presents results at UltraCon suggesting that work-related musculoskeletal disorders are tied to burnout among sonographers.
HAP secures New Jersey revenue cycle services contract
By AuntMinnie.com staff writers
Healthcare Administrative Partners (HAP) announced it will take over all core revenue cycle services on behalf of New Jersey-based Health Village Imaging.
April 10, 2024
Keyboard Key Billing Management
Page 1 of 1166
Next Page