Your business has until August 1 to comply with the Federal Trade Commission’s new Identity Theft Red Flags Rule, which mandates the implementation of a written identity theft program. Failure to comply may result in financial penalties.
The Red Flags Rule applies to financial institutions and creditors—and senior living providers can be considered creditors. According to the FTC, “the definition of a creditor is broad and includes businesses or organizations that regularly defer payment for goods or services or provide goods or services and bill customers later. Utility companies, health care providers, and telecommunications companies are among the entities that may fall within this definition.”
Health-care providers that accept insurance are also considered creditors if customers/residents are ultimately responsible for the fees related to their health care. However, providers are not considered a creditors if they merely accept credit cards as a form of payment.
Examples of medical/health-care related identity theft include:
- An identity thief uses someone else’s information and insurance to obtain surgery. When the hospital submits its claims to the identity victim’s insurance company, the claim is denied and the hospital must absorb the costs. The medical records of the victim were compromised with the thief’s medical information. The hospital must then purge the medical records of the victim and create a Jane/John Doe record for the thief.
- A health-care employee who has access to customer billing information sells that information to an identity thief who submits fraudulent claims to Medicare and receives payment.
According to FTC officials, health-care providers will be deemed compliant with the Red Flags Rule if they have “reasonable” policies and procedures in place to protects customer/resident information. Some examples of these policies and procedures include:
- Training staff on how to identify medical ID theft red flags
- Instituting policies on how to verify resident identity
- Assigning a staff member to investigate situations where there are discrepancies regarding resident information.
- Keeping residents’ vital information off of as many documents as possible.
- Alerting authorities of suspicious circumstances.
Here are several resources about the FTC’s Red Flags Rule, including a how-to guide for businesses.
