According to MedicalNews, Inc and Lynne Jeter, the Medicare “Red-Flag” rules are set to take effect on May 1, 2009.
Three Categories
And, according to David Williams, CPA, FHFMA, a healthcare partner for HORNE in Jackson, Mississippi, the Red Flag guidelines for hospitals, clinics and medical practices can be broken down into three categories.
1. Red Flags that definitely apply to healthcare:
- Documents provided for identification appear altered or forged.
- Photographs or a physical description on file are not consistent with the appearance of the patient.
- Other inconsistent information identifies the patient.
- Inconsistent signatures are on file.
- Patient forms or applications appear forged, altered, or destroyed and re-assembled.
2. Red Flags that may apply to healthcare:
- Statements sent to the patient – or guarantor – that are returned as undeliverable despite ongoing transactions on active records.
3. Red Flags that most likely do not apply to healthcare:
- A fraud alert is included with a consumer report.
- A consumer reporting agency provides notice of a credit freeze in response to a request for a consumer report, a notice of address discrepancy, and/or unusual credit activity.
- Financial institutions and creditors use challenge questions that the person opening the covered account cannot answer with readily available information.
- A request is made for new, additional or replacement cards or the addition of authorized users on the account shortly after a change of address request.
- A new revolving credit account is used in a manner commonly associated with known patterns of fraud.
- The use of a covered account is inconsistent with established patterns of activity on the account.
- There is unexplained usage of a covered account that has been inactive for a reasonably lengthy period of time.
Assessment
Link: http://www.medicalnewsinc.com/news.php?viewStory=222
Organized medicine and the Federal Trade Commission continue to joust over the application to physicians of new identity theft prevention rules. With a May 1 compliance date just around the corner, neither party shows signs of capitulation.
The FTC regulations require a variety of business entities — mainly financial and banking institutions — to implement a written program for preventing identity theft as well as detecting and responding to warning signs of such incidents. The commission maintains that when physicians defer payment for services, they become creditors — entities that regularly extend, renew or continue credit — under the “red flag” rules. Failure to comply could mean administrative penalties or up to $2,500 in fines per violation. To be compliant, physicians must:
• Identify relevant warning signs of potential identity theft. Such red flags may include suspicious documents or billing activity, or notices from law enforcement authorities.
• Establish policies and procedures to detect red flags in day-to-day operations. These may include verifying a patient’s identity and insurance information, or reviewing medical records for discrepancies. Implementing the process requires senior management approval and appropriate staff training.
• Prevent and respond to incidents of identity theft or suspected fraud. This might entail changing account numbers or contacting an insurance carrier to deter the misuse of stolen information. The response also may include notifying the patient of any potential fraud.
• Update the program periodically to help identify and respond to new risks.
Source: Amy Lynn Sorrel, AMNews [4/6/09]
Submitted by the Pod Doctor
Since my business office still uses the pegboard, and no patients’ identifiers are on any computer, my official Red Flags policy is simple:
“Staff; if you notice anything unusual in relation to our patients’ accounts; or if you are handed an unusual-looking driver’s license, notify me immediately”.
Darrell K. Pruitt; DDS
Darrell,
I’m right there with you … this is the safest approach to take.
James Flynn
Docs Seek to Block ‘Red Flags’ Rule
Arguing that it places physician practices under the same regulations as banks, credit card companies, and mortgage lenders, a lawsuit was filed in federal court in Washington seeking to block the Federal Trade Commission from imposing on doctors its “red flags” rule which deals with preventing, detecting, and mitigating identity theft.
The lawsuit, filed by the American Medical Association, American Osteopathic Association, and the Medical Society of the District of Columbia, states that the rule requires “financial institutions” to implement a written identity-theft prevention and detection plan and notes that the FTC had announced that the physicians had until June 1 to comply.
“In applying the Red Flags Rule to physicians who do not require payment in full at the time of providing care to patients, the FTC is exceeding its statutory authority and acting arbitrarily and capriciously,” according to the lawsuit.
Source: Andis Robeznieks, Modern Healthcare [5/21/10]
OIG: Medicare Exposed to Financial Losses from ID Theft
Although the CMS managed to notify the nearly 14,000 Medicare beneficiaries whose medical identities were stolen in a recent two-year period, the agency failed to meet legal requirements designed to minimize financial losses to the program, a government watchdog found.
The HHS inspector general’s report issued Wednesday examined the 14 reported CMS security breaches from Sept. 23, 2009, to Dec. 31, 2011, resulting in the stolen medical identities of 13,775 Medicare beneficiaries. It found the agency failed to meet several legal requirements, including steps designed to stop payment for services linked to the stolen beneficiary numbers.
Source: Rich Daly, Modern Healthcare [10/10/12]
The ONC’s new guide to HIT dangers omits medical identity theft
Yesterday, Kathy Kenyon, JD, Senior Policy Analyst, and Steven Posnack, Director Federal Policy Division, ONC, posted a guide on the Department of HHS blog to aid in the identification and reporting of safety issues with electronic health records – yet medical identity theft was not mentioned. Why?
http://www.healthit.gov/buzz-blog/electronic-health-and-medical-records/guide-identify-address-unsafe-conditions-health/
Dear Kathy Kenyon and Steven Posnack:
I noticed that the new ONC guide you describe, “How to Identify and Address Unsafe Conditions Associated with Health IT,” does not mention data breaches, even though medical identity theft and its potentially lethal consequences are becoming increasingly common.
For example, apparently Protected Health Information (PHI), including the social security numbers of up to 11,000 Williamsport, Pennsylvania dental patients, has been available online for 3 years due to an unreported data breach from a HIPAA-covered dentist.
http://thepiratebay.sx/torrent/5374693/
As a taxpayer and occasional patient, I must ask, does the ONC even have a clue how many breaches involving thousands of patients go unreported for years? I think most Americans would agree that we deserve to know what percentage of major PHI breaches are represented on the HHS Wall of Shame. Is it closer to 70% or 30%?
Personally, I think the only ethical response for HHS is to accept ownership of the problem and warn vulnerable Americans as soon as possible. After all, 11,000 people is approximately 1/3 of Williamsport’s population. You should also make it easier for concerned Americans to report breaches.
D. Kellus Pruitt DDS
New Threat to Physicians
Doctors and staff need to always be on their toes when it comes to protecting patient information. The number one threat to patient information comes from identity theft. Identity theft can take many forms, from stealing a laptop or an external hard drive to hacking into your network. Recently, there has been a new attempt to get patient information, and it is one of the most clever attempts yet. The identity thieves call the office and pretend to be from Microsoft. They tell the staff member that there is a serious problem coming from their computer and that this Microsoft tech needs to remotely access your system to fix it.
Never grant access to your system to anyone you do not know. Remote access to your system must always be coordinated with your doctor and IT company. If an attempt is made in your office, make sure you notify all of the staff in case of another attempt.
Firewalls are now the norm, and they are very effective. Hard drives are now encrypted and virtually impenetrable to hacking. Networks are encrypted. The criminals know that the weakest link in any security system is the human element. So rather than bust through the back door, identity thieves will now try to stroll through the front door.
SOURCE:
Raymond F Posa MBA
Farmingdale, NJ
Rposa@themantagroup.com
Medical Identity Theft Becoming Growing Concern for Patients and Consumers
Along with a rise in health care breaches, medical identity theft remains a top concern among consumers as cyber-criminals look to capitalize on the bigger payout for PHI on the black market.
Industry reports reveal medical identity theft has now claimed more than 1.8 million U.S. victims, granting hackers the ability to gain medical services, procure drugs and defraud private insurers and government benefit programs.
Health care organizations face the challenge of securing a significant amount of sensitive information stored on their networks, which combined with the value of a medical identity string makes them an attractive target for cyber-criminals.
Dr. David Edward Marcinko MBA