With ambiguity over the definition of ‘creditor’ as it relates to the healthcare environment, the American Medical Association (AMA), along with others, cried “foul” and threw their challenge flag regarding the FTC’s Red Flag Rule. While the AMA is not against protecting patients’ privacy, details within the regulations caused some turmoil as to how this would disrupt physician practices. Delayed implementation and one lawsuit later, the deadlines continued to get pushed back. Then in December 2010 Congress passed, and Obama signed into law, the “Red Flag Program Clarification Act of 2010.” By clarifying what creditor means, it essentially removed physicians from under the Red Flag Program.

Even with this, it doesn’t mean healthcare can just ignore identity theft issues. Even the AMA agrees. While it doesn’t think most physicians will fall under the redefined categories of ‘creditor’, it does provide some Red Flag Rule Guidance, a sample policy, and an FAQ on its website (AMA membership required). Every organization can benefit from an identity theft prevention program, and healthcare is no exception. In fact, the majority of privacy breach violations are prosecuted under HIPAA anyway.

With the loss of regulatory deadlines, the urgency to implement programs “formerly known as Red Flag” seems to be faltering in some healthcare institutions. However, a successfully implemented identity theft program may limit losses and even gain consumer/patient confidence. With losses occurring due to bad debt and denial of payment under false pretenses of identity theft (otherwise known as “I don’t want people to know it was me that was sent to the ED passed out”), a program can help successfully defend revenue recapture efforts. It also helps to curtail medical errors when individuals attempt to use another person’s medical records/insurance to obtain treatment or are merely drug seeking.

Any way it’s sliced, an identity theft program will aid any organization, and many healthcare organizations are continuing forward with their programs regardless of where they are in their implementation. While the FTC continues to offer guidance, HITRUST may interest healthcare organizations directly with its Common Security Framework (CSF), which has continued to gain momentum in offering a validation tool for not just Red Flag but also HIPAA and other requirements. Those healthcare environments that have quantified the costs of resolving identity theft claims (both legitimate and not) realize a little preventative medicine is worth it. I don’t need to remind those in healthcare that while that annual influenza shot may sting a little when you get it, it’s worth it in the long run.