Published by the Federal Trade Commission (FTC) in conjunction with the U.S. Department of the Treasury and other federal financial oversight agencies, the Red Flags Rules require financial institutions, mortgage brokers, and creditors -- including dentists and other healthcare providers, according to the FTC -- to develop a written plan to detect identity theft in their businesses. Failure to comply could result in administrative penalties and up to $2,500 in fines per violation.
Red Flags Rules compliance
To be in compliance with the Red Flags Rules, dentists and other healthcare providers must:
- Identify relevant warning signs of potential identity theft. Such red flags may include suspicious documents or billing activity, or notices from law enforcement authorities.
- Establish policies and procedures to detect red flags in daily operations. These may include verifying a patient's identity and insurance information, or reviewing medical records for discrepancies. Implementing the process requires senior management approval and appropriate staff training.
- Prevent and respond to incidents of identity theft or suspected fraud. This might entail changing account numbers or contacting an insurance carrier to deter the misuse of stolen information. The response also may include notifying the patient of any potential fraud.
- Update the program periodically to help identify and respond to new risks.
The ADA estimates that the cost of compliance for the average dental office will be about $600.
According to the FTC, the Red Flags Rules apply to "financial institutions and creditors with covered accounts." The FTC defines a financial institution as "a state or national bank, a state or federal savings and loan association, a mutual savings bank, a state or federal credit union, or any other entity that holds a 'transaction account' belonging to a consumer" and a creditor as "any entity that regularly extends, renews, or continues credit or regularly arranges for the extension, renewal, or continuation of credit."
That's where dentists and other healthcare providers come in, according to the FTC.
"FTC staff has deemed dentists and physicians as creditors who are subject to the rule when they don't receive payment in full from their patients at the time of treatment," a recent ADA News story noted.
But many dentists and other healthcare providers have been caught off guard by their inclusion in the rules, according to the ADA and other healthcare industry groups. In an article published April 6 by AMNews, many providers were unaware of the rules until last summer.
After the American Medical Association (AMA), ADA, and other trade organizations lobbied the FTC to exempt healthcare providers from the rules, claiming their constituents had not had adequate notification to prepare, the FTC last October delayed the original November 1, 2008, enforcement date by six months. But the FTC has no plans to extend the deadline again, according to AMNews.
As a result, the ADA is redoubling its efforts to halt the application of the rules to dental offices, according to ADA News. In the meantime, the organization has developed compliance materials for ADA members to help them come up to speed on this issue and how they can ensure that their office complies.
"If the AMA (or ADA) is not successful in getting this reversed, then anybody who bills patients would be required to provide the same privacy rules as would banks and other financial institutions," David Lambert, D.D.S., an oral and maxillofacial surgeon in Durham, NC, who has been following this issue, wrote in an e-mail to DrBicuspid.com. "Where the Red Flag Rule might have implications would be along the lines of consumer complaints to the FTC when there's billing disputes, collection actions, etc. And it won't take long for attorneys to figure out they can have big-time leverage in disputes with noncompliant defendants."
Copyright © 2009 DrBicuspid.com