Guidance on Preparing for Implementation of the Red Flags Rule

Posted on June 23, 2009 by Ilana Sable

The FTC has posted a compliance template (pdf) for businesses at low risk for identity theft, such as most health care providers.  The template allows business owners to design their own Identity Theft Prevention Program in accordance with the FTC Red Flags Rule, and consists of two relatively easy to use parts. 

Part A helps users determine if their business is at low risk, and Part B helps users design a written Identity Theft Prevention Program if their business is in a low risk category.

However, like any other compliance regulation, the purpose of the Red Flags Rule is not to inflict more paperwork on affected businesses; its purpose is to foster meaningful use of effective identity theft prevention programs.  At minimum, health care providers must actually adhere to the programs that they develop, and train their employees accordingly.

Remember, the implementation date for the Red Flags Rule is August 1, 2009!
 

Tags: , ,

One Step Closer to a National EHR Certification System

Posted on June 17, 2009 by Ilana Sable

As noted in a previous post, only providers using nationally certified EHR systems will be eligible for the financial incentives available under the ARRA.  Currently, there are no nationally certified EHR systems, and no certification criteria has been named.

The Certification Commission for Healthcare Information Technology (“CCHIT”), a recognized certification body for electronic health records (“EHR”), has submitted its proposed EHR certification criteria(pdf), which maps the requirements of an ARRA qualified EHR, to the HIT Standards Committee for review and approval.  CCHIT anticipates feedback on the proposed certification criteria by August 26, 2009, and will begin accepting applications from EHR vendors shortly after receiving the anticipated “green light.”

CCHIT has already named many EHR vendors as “CCHIT Certified 08,” but this certification does not have any connection to the national certification required under the ARRA, and does not guarantee eligibility for the financial incentives.
 

Tags: , , ,

A Primer on the FTC Red Flags Rule

Posted on June 1, 2009 by Ilana Sable

The “Red Flags” Rule, enforced by the Federal Trade Commission (“FTC”), requires many businesses and organizations to implement a written Identity Theft Prevention Program designed to detect the warning signs – or “red flags” – of identity theft in their day-to-day operations, take steps to prevent the crime, and mitigate the damage it inflicts.

The Red Flags Rule applies to financial institutions and creditors. The determination of whether your business or organization is covered by the Red Flags Rule is not based on your industry or sector, but rather on whether your activities fall within the relevant definitions.

The definition of “creditor” is broad and includes businesses or organizations that regularly defer payment for goods or services or provide goods or services and bill customers later. Health care providers are among the entities that may fall within this definition, depending on how and when they collect payment for their services.

For instance, health care providers become third party creditors, like credit card companies, when they extend their services (give value) to patients and then wait to receive payment from their patients’ health insurance carriers. While the health care provider is waiting to receive payment, he or she has “credited” the service to the patient with the expectation of reimbursement from the insurer at some future time.

Another example is health care providers who offer payment plans to their patients. This is often the case with very expensive, and frequently uninsured, dental work, where the health care provider offers the patient a payment plan that the patient pays off over the course of the treatment. Again, the health care provider credits the patient with the service and waits for full reimbursement from the patient.

On April 30, 2009, the FTC announced that it is postponing implementation of its Red Flags Rule until August 1, 2009. For more information of the Red Flags rule – and how it applied to your practice – please see the FTC’s guide on Fighting Fraud with the Red Flags Rule: A How-To Guide for Business (pdf).
 

Tags: ,