Save a Life, Prevent ID Theft

Save a Life, Prevent ID Theft

Article Jun 17, 2009

Identity theft has been an ongoing concern of government agencies over the past 10 years. It was, in large part, the driving force behind the HIPAA Security Rule implemented by the Department of Health and Human Services. Now, another agency is taking aim at preventing identity theft, and we get to help.

The Federal Trade Commission (FTC) has announced the "Red Flag Rules," which are designed to help "creditors" prevent identity theft. Traditionally, healthcare providers have not been considered "creditors," since we typically do not charge interest. But, under the new rules, if you defer payment for your services, you will be responsible for watching for these red flags and taking steps to respond to suspected identity theft (as if you didn't have other things to do!). The FTC will begin to enforce these rules on August 1, 2009, for most healthcare providers.

What's Involved
There are basically four elements required for the Written Identity Theft Program:

  1. You must identify any relevant red flags, taking into consideration the risks inherent in your type of business. For healthcare providers, those risks include patients using someone else's insurance policy or name and address. The "red flags" that would alert you to this type of identity theft would include a patient who gives an insurance number but has no insurance card, a complaint from a person you have billed who says they did not receive the service, or a notice that you have an incorrect address.

  2. Once you have identified what these "red flags" should be, you have to develop a method to detect them. The rules suggest this be accomplished by obtaining identifying information about the person who is opening an account with you (for us, that would be our patients). For ambulance providers, obtaining verification of insurance coverage should also be a key element of your program.

  3. In the event you detect a "red flag" that indicates possible identity theft, you must respond "appropriately." For example, if a patient complains that you billed him (or his insurance) for services he did not receive, an identified red flag has been detected and you must take action. That action may be to write off the account (once you verify that you do in fact have the wrong patient) and/or to contact law enforcement to let them know about possible identity theft (and theft of your services). It is likely that you have had these situations arise in the past. Use that experience in developing your program.

  4. You must update your program periodically to address changes in identity theft risks and your company's history with identity theft in the preceding months. There should also be a written report, at least annually, on the effectiveness of your program. Given the similarities between this rule and the HIPAA Security Rule, the best person at your office to put this program together and write your annual report would likely be your HIPAA Compliance Officer; however, the rules require that the program be administered by your board of directors or a member of "senior management." Once the written program is in place, you must train your staff on at least the first three elements.

Unfortunately, as you can see from this article or a review of the rules themselves (see www.ftc.gov/opa/2007/10/redflag.shtm), there is not a lot of specific guidance, and many of the suggestions given are relevant to "creditors" in the traditional sense (ones who take credit applications, or at least have the patient fill in an information sheet before goods or services are given).

This article provides a general outline of the rule's requirements, but it is up to you to actually determine what your "red flags" are, how you will detect them and what you should do once you find an instance of possible identity theft. The information must then be put into a written program and assessed in an annual report. Yes, it is up to you to help prevent identity theft. And you thought all you had to do was save lives!

Continue Reading

G. Christopher Kelly is an attorney who focuses on federal laws and regulations as they relate to the healthcare industry and specifically to the ambulance industry. Chris lectures and advises EMS service clients across the U.S. This article is not intended to be legal advice. For more information or specific questions, Chris can be reached at ckelly@emscltd.com or by contacting EMS Consultants, Ltd. at 800/342-5460.

Crestline Coach attended the Eighth Annual Saskatchewan Health & Safety Leadership conference on June 8 to publicly sign the “Mission: Zero” charter on behalf of the organization, its employees and their families.
ImageTrend, Inc. announced the winners of the 2017 Hooley Awards, which recognize those who are serving in a new or innovative way to meet the needs of their organization, including developing programs or solutions to benefit providers, administrators, or the community.
Firefighters trained with the local hospital in a drill involving a chemical spill, practicing a decontamination process and setting up a mass casualty tent for patient treatment.
Many oppose officials nationwide who propose limiting Narcan treatment on patients who overdose multiple times to save city dollars, saying it's their job to save lives, not to play God.
While it's unclear what exact substance they were exposed to while treating a patient for cardiac arrest, two paramedics, an EMT and a fire chief were observed at a hospital after experiencing high blood pressure, rapid heartbeat, and mood changes.
After a forest fire broke out, students, residents and nursing home residents were evacuated and treated for light smoke inhalation before police started allowing people to return to their buildings.
AAA’s Stars of Life program celebrates the contributions of ambulance professionals who have gone above and beyond the call of duty in service to their communities or the EMS profession.
Forthcoming events across the country will provide a forum for questions and ideas
The Harris County Office of Homeland Security & Emergency Management (HCOHSEM) has released its 2016 Annual Report summarizing HCOHSEM’s challenges, operations and key accomplishments during the past year.
Patients living in rural areas can wait up to 30 minutes on average for EMS to arrive, whereas suburban or urban residents will wait up to an average of seven minutes.
Tony Spadaro immediately started performing CPR on his wife, Donna, when she went into cardiac arrest, contributing to her survival coupled with the quick response of the local EMS team, who administered an AED shock to restore her heartbeat.
Sunstar Paramedics’ clinical services department and employee Stephen Glatstein received statewide awards.
A Good Samaritan, Jeremy English, flagged down a passing police officer asking him for Narcan after realizing the passengers in the parked car he stopped to help were overdosing on synthetic cannabinoids.
Family and fellow firefighters and paramedics mourn the loss of Todd Middendorf, 46, called "one of the cornerstones" of the department.
The levy is projected to raise about $525,000 per year, and that money must be spent only on the Othello Hospital District ambulance service.