Simplified Solutions from Emdeon

In an important announcement affecting hospitals and physicians, The Federal Trade Commission (FTC) has extended the deadline for creditors to implement Red Flags Rule to August 1, 2009. Under this directive, which is aimed at preventing consumer identity theft, creditors are required to create a written and actionable program to detect warning signs, or "red flags," which alert staff to take extra steps to confirm an applicant's identity.

By complying with the rule, providers may realize more revenue due to the reduction in unpaid bills left by fraudulent actions. Providers will also be able to assure patients that they are taking extra precautions to prevent identity theft-a consumer-pleasing strategy whether patients provide financial information via electronic or paper routes. 


Providers as Creditors

Why is this important news for hospitals and physicians? If healthcare providers allow patients to defer payments or set up an outside line of credit to help them pay for care, that is considered acting as a creditor under the federal regulation and will require providers to create a reasonable set of rules to identify red flags to prevent identity theft. In addition, each institution's board of directors will be obligated to monitor the new system. This board will also be accountable for making sure the system is reviewed and updated regularly to deal with the changing marketplace and tactics of identity thieves.


Seek Expert Guidance

Creating these new procedures can create unique and complex situations for providers due to privacy concerns, regulations, and even legislation (such as HIPAA) specific to the handling of patient records, the securing of financial information, and the refusal of care.  Therefore, consulting with the appropriate legal, financial, and technical professionals to ensure compliance should be considered. There are also commercially available tools designed to guide providers through this process. These advisors and programs can help create an efficient and effective system that fits the way a facility currently operates.  Because every facility is different, and there is a wide range of options for assistance, it is important to closely examine potential partners to make sure you find someone who understands the unique needs of a healthcare business.


No Criminal Penalties

There are no criminal penalties for noncompliance with the FTC Red Flags Rule.  However, failure to comply could potentially lead to civil monetary penalties that would be costly for any healthcare business. The primary reason that creditors, businesses, and the healthcare industry should participate is simple: it's what customers and patients expect. 


What to Look For

The FTC lists the examples below as events that should set off red flags and trigger a more in-depth review under the new guidelines:

  • Alerts, notifications, or warnings from a consumer reporting agency
  • Suspicious documents, such as an incorrect or invalid driver's license or social security card
  • Suspicious personal information on applications, such as a suspicious address
  • Unusual use of, or suspicious activity relating to, a covered account
  • Notices from insurance companies, victims of identity theft, law enforcement authorities, or other businesses about possible identity theft in connection with covered accounts

The FTC describes these as starting points, and not the end result every Red Flags system should follow.


What to Do with a Flag

Once a suspicious event has been brought to your attention, there are a large number of things that can be done to help protect the integrity of a healthcare business and a patients' privacy.  Here are a few suggestions from the FTC:

  • Do not open a new account if there are suspicions of the validity of that person's true identity.
  • Increase monitoring the covered account for evidence of identity theft.
  • Contact the customer to confirm correct identity.
  • Change passwords, security codes, or other methods of account access.
  • If unauthorized access is expected, close an existing account and reopen the account with a new account number.
  • Do not try to collect on an account or sell an account to a debt collector if you have reasonable and strong suspicions that identity theft has occurred with a covered account.
  • Notify law enforcement for further investigation.

Prevention Is the Key

The responsibility for reducing identity theft and fraudulent activity within the healthcare industry lies with each healthcare provider. The more proactive providers are to address the Red Flags Rule, the more prepared they will be on August 1, 2009. 

Learn more by visiting the FTC's web site and be sure to consult documented FTC literature: Fighting Fraud with the Red Flags Rule: A How-To Guide for Business

Emdeon is the leading provider of integrated patient billing and payment solutions that simplify consumer billing and payment processes for hospitals, physicians, and healthcare providers. Through our innovative suite of print and e-commerce solutions, we facilitate provider-patient communications for optimized revenue collection and enhanced patient satisfaction. Contact us today at 877.EMDEON.6 (877.363.3666) or visit us at to find out more.

Publication Date: Wednesday, July 01, 2009