Tuesday, March 31, 2009

Red Flag Rule Information

Last week Enhanced Management Services sent out an e-mail blast with information to help our clients begin to comply with the “Red Flag Rules”. Enhanced strongly urges all of our clients to use the link on the e-mail you received to access to the Page, Wolfberg and Wirth website to place an order for the Red Flag Rule kit they are featuring. Everything your company will need to put a compliance policy in place will be sent directly to you. It’s that simple!

We do understand that questions have arisen about this rule since the e-mail went out, so we thought we’d post this thread to open discussion on the matter.

Here are three simple facts.

First - the Red Flag Rule applies to all Health Care providers (ambulances included) as they qualify as “creditors” given the fact that an ambulance company bills consumers after services are completed or ambulances accept insurance if the consumer is ultimately responsible for any unpaid balance.

Second - in order to comply with the Federal Trade Commissions Red Flag Rules, an ambulance service must establish a written program to detect, prevent and mitigate Identity Theft and have that program in place no later than May 1, 2009. The program must be only as elaborate relevant to the size and complexity of the organization. The FTC states that high risk entities should have more elaborate programs, while low risk entities may have more basic programs. Regardless of the size and complexity of the program, the bottom line here is…all ambulance companies that bill patients must have a program. The FTC explains their view that health care providers and ambulance services, as a subset of that community, must comply due to the fact that 4.5% of the 8.3 million victims of identity theft suffered some form of identity theft related to the misuse of their medical information.

Third - the potential fine, should a medical identity theft occur as a result of your organization’s lack of protection, is $3,500 per violation and a violation would be counted as each individual claim that involved an identity theft. Therefore, if someone in your organization steals medical identity information from one hundred patients in your ePCR database, the fine to your organization would potentially be $350,000 dollars!

There are definitely “naysayers” within the EMS provider community who are scoffing about the Red Flag Rule compliance warnings. Enhanced is warning all of our clients to take this seriously, which is why we recommend the package offered by Page, Wolfberg and Wirth to take the stress off you and your staff by providing a cost-effective package to help you comply with the new rules.

Feel free to add your questions or comments about the Red Flag Rules below by joining our blog. You may want to share how your company’s plans to implement your program or other information you have learned that may be helpful to other Enhanced clients.
Post a Comment