As I hope that you’re aware, a new set of rules from the Federal Trade Commission take effect on May 1. These rules, referred to as “Red Flag” rules, outline the requirements for all creditors in dealing with and preventing identify theft. All organizations that extend credit, such as deferring payments, are covered, so medical practices are covered.
There has been a fair amount of going back and forth between the FTC staff and the legal staffs of the AMA and MGMA. While they tussle, here’s the summary: there are certain expectations in securing patient financial information, such as credit card information. In addition, practices should be asking for a form of ID for new patients, such as a driver’s license or utility bill in addition to the insurance card. Part of the issue here is identity theft that includes using another person’s health insurance benefits when seeking care. The FTC rules outline some steps that a practice needs to take when notified of a possible identify theft.
Here are some resources from the AMA that are good guidance for you. MGMA members should go to the MGMA website for other materials. Finally, you should review all this with your attorney.