The Red Flags Rule and EMR
Despite efforts from the American Medical Association, the Federal Trade Commission has ruled that physician offices fall under the new Red Flags Rule designed to affect American consumers. What does that mean to you and your EMR system?
What Is the Red Flag Rule?
In an effort to defend against the rising problem of identity theft, the Red Flags Rule requires many businesses to create systems to monitor so-called “red flags” that indicate a customer might be using a stolen identity. An organization that doesn’t respond to these red flags can be subject to federal penalties.
The red flags can be obvious, such as a customer presenting a photo ID with a picture that clearly is of someone else. However the signs can be subtler. An inactive account suddenly becomes active. A customer sends in a change of address then immediately starts using the account to make purchases much larger than before. Any of these, if overlooked, can get the creditor in trouble.
Are Doctor’s Offices Subject to the Red Flags Rule
The AMA and other organizations argued that HIPAA regulations already put substantial onus on medical offices to protect patients’ private information. They reasoned that patient financial data was already adequately protect by modern medical practice management and that to add the Red Flags requirements would put an unnecessary burden on providers.
The FTC didn’t agree with their argument. Since medical offices commonly defer payment, allowing patients to pay charges over time, they qualify as creditors and are subject to Red Flags. While most offices have medical practice management systems that might satisfy most of the Red Flags requirements, they still need a written Red Flags policy that includes rules for responding to suspicious account activity.
Does EMR Help Red Flags Compliance?
Providers that include EMR as part of their medical practice management may have a leg up on Red Flags compliance, although they will still have to document their policies.
Electronic records are generally safer than paper records; thus reducing the chance an identity thief could steal patient financial information. While this does not directly apply to Red Flags, it one less avenue identity thieves could use to acquire information that could be used to defraud the practice.
The main advantage electronic records provide to medical practice management is they make it easier to spot trends. Accounts which have been reactivated or had the address changed could be monitored for suspicious activity. Other triggers could be set up to notify operators if a patient account starts to see unusual transactions.
The monitoring capabilities of electronic medical practice management make it easier for an office to create written policies that protect them against Red Flag penalties. Although many industry experts agree that identity theft has already been minimized by HIPAA, electronic records allow Red Flag compliance with little extra effort.
Author is a freelance copywriter. For more information on medical practice management, visit http://www.freedommd.com/Index.htm.