HFMA Philadelphia Chapter Newsletter

If you are like most healthcare financial professionals, you have first-hand knowledge of countless patients who used another identity to procure their medical services. Perhaps they stole an insurance card from a family member, or simply borrowed a stranger’s driver’s license to cover the costs of elective surgeries, or much worse. Either way, your organization and the rightful owner of the identification were violated, and most likely left with a large hospital bill that would never be recovered.

Identity theft is prevalent and on the rise. The Federal Trade Commission (FTC) is taking an important step to combat this trend, not only in healthcare, but across financial and lending institutions with its Red Flag Rules and its deadline of November 1, 2008. The Rules apply to any organization, not just healthcare, that extends credit to individuals through a multi-payment plan or covered account.

Some view this regulation as yet another government requirement. I urge you to instead view the Rules as a catalyst to implement changes in your hospitals that will protect you and your patients from identity theft and is an impact on your bottom line.

To comply with the Rules, companies must submit their written program to identify and manage ‘red flag’ accounts by November 1, 2008. Each program needs to meet certain details on how your organization will identify, detect and respond to patterns, practices, or specific activities – known as “red flags.”

Step One: Identification / Detection of Red FlagsHospitals need to accurately identify every patient by validating their demographic information (address, age, social security number, etc.) using a reliable, third party source. Inconsistencies can constitute a ‘red flag’ and immediately notify the registrar that something is amiss with this patient account.

Likewise registrars should be able to view accurate patient information, such as age, to make a visual validation. For example if the patient appears to be in their 20s, but the validated patient information is that of a 60-year old, the registrar should ‘red flag’ this account.