Save a Life, Prevent ID Theft

Save a Life, Prevent ID Theft

Article Jun 17, 2009

Identity theft has been an ongoing concern of government agencies over the past 10 years. It was, in large part, the driving force behind the HIPAA Security Rule implemented by the Department of Health and Human Services. Now, another agency is taking aim at preventing identity theft, and we get to help.

The Federal Trade Commission (FTC) has announced the "Red Flag Rules," which are designed to help "creditors" prevent identity theft. Traditionally, healthcare providers have not been considered "creditors," since we typically do not charge interest. But, under the new rules, if you defer payment for your services, you will be responsible for watching for these red flags and taking steps to respond to suspected identity theft (as if you didn't have other things to do!). The FTC will begin to enforce these rules on August 1, 2009, for most healthcare providers.

What's Involved
There are basically four elements required for the Written Identity Theft Program:

  1. You must identify any relevant red flags, taking into consideration the risks inherent in your type of business. For healthcare providers, those risks include patients using someone else's insurance policy or name and address. The "red flags" that would alert you to this type of identity theft would include a patient who gives an insurance number but has no insurance card, a complaint from a person you have billed who says they did not receive the service, or a notice that you have an incorrect address.

  2. Once you have identified what these "red flags" should be, you have to develop a method to detect them. The rules suggest this be accomplished by obtaining identifying information about the person who is opening an account with you (for us, that would be our patients). For ambulance providers, obtaining verification of insurance coverage should also be a key element of your program.

  3. In the event you detect a "red flag" that indicates possible identity theft, you must respond "appropriately." For example, if a patient complains that you billed him (or his insurance) for services he did not receive, an identified red flag has been detected and you must take action. That action may be to write off the account (once you verify that you do in fact have the wrong patient) and/or to contact law enforcement to let them know about possible identity theft (and theft of your services). It is likely that you have had these situations arise in the past. Use that experience in developing your program.

  4. You must update your program periodically to address changes in identity theft risks and your company's history with identity theft in the preceding months. There should also be a written report, at least annually, on the effectiveness of your program. Given the similarities between this rule and the HIPAA Security Rule, the best person at your office to put this program together and write your annual report would likely be your HIPAA Compliance Officer; however, the rules require that the program be administered by your board of directors or a member of "senior management." Once the written program is in place, you must train your staff on at least the first three elements.

Unfortunately, as you can see from this article or a review of the rules themselves (see, there is not a lot of specific guidance, and many of the suggestions given are relevant to "creditors" in the traditional sense (ones who take credit applications, or at least have the patient fill in an information sheet before goods or services are given).

This article provides a general outline of the rule's requirements, but it is up to you to actually determine what your "red flags" are, how you will detect them and what you should do once you find an instance of possible identity theft. The information must then be put into a written program and assessed in an annual report. Yes, it is up to you to help prevent identity theft. And you thought all you had to do was save lives!

Continue Reading

G. Christopher Kelly is an attorney who focuses on federal laws and regulations as they relate to the healthcare industry and specifically to the ambulance industry. Chris lectures and advises EMS service clients across the U.S. This article is not intended to be legal advice. For more information or specific questions, Chris can be reached at or by contacting EMS Consultants, Ltd. at 800/342-5460.

The budget cut allowed the department to cross-staff, using firefighters to staff ambulances due to medical calls outnumbering fire calls.
Starting next year, the insurer will reimburse treatment that doesn’t require the emergency department.
One of the two Northern California wildfires have been fully contained due to cooler temperatures and light rain.
Kenneth Scheppke challenged longstanding traditions in patient care that have not withstood current scrutiny.

EMTs and other first responders who treated the wounded on scene of the Vegas shooting could be at risk for post-traumatic stress.

All EMS, fire, and law enforcement agencies in the county will participate in the drill along with 100 volunteers portraying victims of the shooting.
As the state begins facing the effects of the opioid crisis, medical professionals, law enforcement and prosecutors join the national discussion on possible solutions to the epidemic.
Only one of three in the country, the "rapid extrication team" assists in rescuing injured firefighters while local crews battle the forest fires.
The paramedic-staffed chase car would respond to ALS calls in a timelier manner and help alleviate several local fire departments' calls.
Las Vegas and Orlando massacres set a solemn tone for the normally festive event.
In a project to raise grant funding that began a year ago, the Richmond Ambulance Authority and VCU Health teamed up to provide 35 of Richmond’s Public Schools with Bleeding Control (BCON) equipment. 
Mercy Health's new two-story, 29,000 square foot center features a Level 1 trauma center, an expanded surgical area, and more comfortable patient and visitor access.
Luigi Daberdaku has made 1,500 sandwiches so far for the North Bay first responders managing the wildfires in California.
The Vegas Strong Resiliency Center dedicated to providing resources to those affected by the mass shooting will open on Monday at 1523 Pinto Lane.
A community of nearly 500 deaf people were the last to be notified and evacuated during the wildfires in Sonoma County, calling for better emergency alert systems.