Advertisement

May 25, 2013

"Red Flag Rules" May Impose Additional Administrative Requirements on Hospices

David L. Woodard
Kevin M. Ceglowski
Poyner Spruill LLP
Thursday, August 13, 2009
Administrative & Regulatory / Financial Institutions & Banking / Health Law & Managed Care
All Federal / All States
Printer-friendly
Email this Article
Download PDF
Reprints & Permissions

In 2007, the Federal Trade Commission ("FTC") issued the Red Flag Rules, which require financial institutions and other "creditors" that maintain "covered accounts" to develop and implement Identity Theft Prevention Programs. These Red Flag Rules may apply to health care providers, including hospices. The original deadline for creditors to comply with the Red Flag Rules was November 1, 2008, but this deadline has been extended to May 1, 2009.

A creditor is any entity that regularly extends, renews or continues credit; any entity that regularly arranges for the extension, renewal or continuation of credit; or any assignee of an original creditor who is involved in the decision to extend, renew or continue credit. A covered account is an account used mostly for personal, family or household purposes, and that involves multiple payments or transactions. A covered account is also an account for which there is a foreseeable risk of identity theft. Although some issues surrounding the definition of a creditor are not yet resolved, the FTC has taken the position that a health care provider that bills for services after they are rendered or that accepts insurance but holds the customer ultimately responsible for payment is a creditor subject to the Red Flag Rules.

A Red Flag is a pattern, practice or specific activity that indicates the possible existence of identity theft. Examples of Red Flags include instances when:

  • documents provided for identification appear to have been altered or forged;
  • information on the identification provided by a person is not consistent with information provided by that person when making a credit application;
  • an application appears to have been altered or forged or gives the appearance of having been destroyed and reassembled; and
  • a person opening a credit account fails to provide all required personal identifying information.

The Red Flag Rules require a covered entity to develop and implement a written Identity Theft Prevention Program to detect, prevent and mitigate identity theft in connection with the opening of a covered account or any existing covered account. The Red Flag Rules are flexible and  allow the creditor to develop a program that is appropriate to the size and complexity of a company and its nature and the scope of its activities. The program must include reasonable policies and procedures to do the following.

  • identify Red Flags;
  • detect Red Flags;
  • respond appropriately to any Red Flags that are detected to prevent and mitigate identity theft; and
  • ensure that the program is updated periodically to reflect changes in risks to customers and the business from identity theft.

Hospices should begin preparing to comply with the Red Flag Rules by developing an Identity Theft Prevention Program in advance of the May 1, 2009, deadline. Given the stringent HIPAA privacy requirements that hospices must now comply with, hospices may already have systems in place that satisfy some of the Red Flag Rules. In developing the required program, hospices should consider Red Flags most likely to present themselves in the hospice industry, such as claims that services billed for were not actually provided, claims that services were billed under the wrong patient name and claims that the party billed has been a victim of identity theft. Hospices should also incorporate procedures into their programs for carefully verifying insurance coverage information and change of address requests.

Although the details of each hospice’s program will vary based on the particular nature of each business, these guidelines should provide a starting point for developing the required Identity Theft Prevention Program. Hospice administrators should monitor the status of the Red Flag Rules in advance of the May 1, 2009, effective date and ensure that they have a program in place if there are no further delays in the application of the rules.

© 2009 Poyner Spruill LLP. All rights reserved

About the Author

David L. Woodard
Partner

David practices in the area of employment litigation.  He regularly advises and defends clients in race, age, disability and sex discrimination and harassment cases; reviews handbooks and termination issues; and provides compliance advice on matters of employment law.

Representative Experience

McNeil v. Scotland County - Obtained summary judgment for employer where plaintiff alleged race discrimination and retaliation in violation of Title VII of the Civil Rights Act as well as violation of the Americans with Disabilities Act. Successfully...

dlwoodard@poynerspruill.com
919-783-2854
www.poynerspruill.com
Kevin M. Ceglowski
Associate

Kevin represents employers in many areas of labor and employment law, including race, age, gender, religion, national original, and disability employment discrimination claims, wrongful discharge claims, and wage and hour claims. He defends clients before administrative agencies such as the Equal Employment Opportunity Commission, the Department of Labor, and the North Carolina Employment Security Commission, in state and federal courts, and in arbitrations. Kevin also provides guidance to management to ensure employment practices are in full compliance with all applicable statutes and...

kceglowski@poynerspruill.com
919-783-2853
www.poynerspruill.com

Boost: AJAX core statistics

Legal Disclaimer

You are responsible for reading, understanding and agreeing to the National Law Review's (NLR’s) and the National Law Forum LLC's  Terms of Use and Privacy Policy before using the National Law Review website. The National Law Review is a free to use, no-log in database of legal and business articles. The content and links on www.NatLawReview.com are intended for general information purposes only. Any legal analysis, legislative updates or other content and links should not be construed as legal or professional advice or a substitute for such advice. No attorney-client or confidential relationship is formed by the transmission of information between you and the National Law Review website or any of the law firms, attorneys or other professionals or organizations who include content on the National Law Review website. If you require legal or professional advice, kindly contact an attorney or other suitable professional advisor.  

Some states have laws and ethical rules regarding solicitation and advertisement practices by attorneys and/or other professionals. NLR does not accept advertising from attorneys or law firms. The National Law Review is not a law firm nor is www.NatLawReview.com  intended to be an advertisement or a referral service for attorneys and/or other professionals. The NLR does not wish, nor does it intend, to solicit the business of anyone or to refer anyone to an attorney or other professional.  NLR does not answer legal questions nor will we refer you to an attorney or other professional if you request such information from us. 

Under certain state laws the following statements may be required on this website and we have included them in order to be in full compliance with these rules. The choice of a lawyer or other professional is an important decision and should not be based solely upon advertisements. Attorney Advertising Notice: Prior results do not guarantee a similar outcome. Statement in compliance with Texas Rules of Professional Conduct. Unless otherwise noted, attorneys are not certified by the Texas Board of Legal Specialization, nor can NLR attest to the accuracy of any notation of Legal Specialization or other Professional Credentials.