About Hayes
Quick Facts Our People
Management Team
Our Work
Client List Case Studies
Our Awards Our Partners Newsletters
Strategic Consulting
EMR Readiness & Planning IT Strategic Planning Stark-related Business System Selection
Business & Clinical Operations
Revenue Cycle Improvement EDIminer
Regulatory Mandate Services
ARRA Services EDI ANSI 5010 ICD-10 RAC Audits
IT Consulting
EMR Data Conversion Systems Expertise
Epic Allscripts GE Centricity Business GE Centricity EMR NextGen InterSystems
Hayes' Methodology Systems Implementation, Upgrades & Conversions Interoperability Services
Interface Simplification Strategy Web Design & Development
Interim Management
Leadership Project Resources
MDaudit Software
MDaudit™ Professional MDaudit™ Hospital
Media Room
Press Kit Press Releases In The News Newsletters Conferences & Presentations
Careers
Benefits Working at Hayes Opportunities Employee Testimonials

FTC Red Flag Rules:  Are you ready?

MEDIA CONTACT:
Wendy Loveland
Hayes Management Consulting
wloveland@hayesmanagement.com
617.559.0404

FTC Red Flag Rules:  Are you ready?

As of August 1, 2009 the Federal Trade Commission (FTC) requires healthcare organizations defined as “creditors” to develop and implement an identity theft prevention program.  This complements existing HIPAA rules.

How do I know if my organization is affected by the Red Flag Rules?

  • Are you a provider who creates patient accounts that allow multiple payments? If so, you are considered a creditor offering a covered account and are subject to the Red Flag Rules.
  • Do you use consumer credit reports? If yes, you come under the Address Discrepancy Rule, which is part of the Red Flag Rules.

How do I comply with the Red Flag Rules?
To comply with the Red Flags Rules, you must have the following in place:

  • An identity theft prevention process that includes reasonable policies and procedures to identify relevant “red flags” of identity theft in your day-to-day operations
  • Alerts, notifications and flags in place to identify suspicious documents, addresses or bogus social security numbers
  • A known protocol for staff members to take if they find that patient information has been breached
  • Executive involvement in the oversight and development of your Red Flag program

How can Hayes assist our organization?

Hayes can help your organization develop a Red Flag program.  Some of the activities we may undertake include the following:

  • Review your current privacy and security practices to determine what else needs to be done to comply
  • Perform a risk assessment of security checks to minimize data breaches
  • Assist with preparation of the forms, materials and information that is required for annual reporting
  • Train your staff on how to detect suspicious activity
  • Recommend a protocol for staff when potential identity theft is identified

If you are interested in this Hayes service, or would like more information, please call 617-559-0404.   

For more information about the Red Flag Rules, visit the FTC website at http://ftc.gov/redflagsrule.