Red Flag Rule




    Recently you may have noticed that we are asking for more proof of who you say you are.  And while I know that much of our intake process seems superfluous (and perhaps some is) we physicians have been caught up in yet another governmental bureaucratic process that didn't intentionally include us.  You know how that works if you have ever dealt with a bureaucratic governmental (isn't that a duplication of terms?) issue.
    Certianly everyone at this point has heard of, and lived in fear of, identity theft.  This is where the Red Flag Rule is important, because if someone steals your identity they can also use your insurance plan and benefits.  And this is how we - in the medical field - get pulled into this ruling.  Because we are considered creditors we have been included in this federal rule.  As such, we are required to establish formal identity theft prevention programs to protect consumers.  And although this program was primarily directed at the financial sector (by theFTC - Federal Trade Commission), physicians got caught up in it because of the "creditor" clause.
    If you have ever been denied coverage due to factors such as "pre-existing conditions" then you will understand that if someone uses your insurance identity and has medical problems, this can be a road block to you later.  Much like having to regain your identity from a financial standpoint you may have (read WILL HAVE) to prove that you did not have the problems that insurance companies are trying to use to keep from covering you.  Of course, if we do indeed get some form of universal medical coverage, pre-existing clauses will go away.  But I digress.  Potentially there could be a case where a patient is denied future benefits based on false information in their file that actually belongs to the perpetrator of the identity theft.
    So where did this start, you ask. The Fair and Accurate Credit Transactions (FACT) Act of 2003 included an "Identity Theft Red Flags Rule" which required creditors to establish a program to prevent identity theft.  Physicians/medical entities were dragged into this by being considered "a creditor". This is defined by law as "any entity that regularly extends, renews, continues credit or arranges for the extension of credit".  Since we doctors let people owe us money, we therefore are considered creditors, and thus the long arm of the law has _____ (you fill in the blank).  We have the Federal Trade Commission (FTC) to thank for this.  And we must develop a program to accomplish 4 tasks:
      1.  Identity relevent red flags
      2.  Detect red flags
      3.  Prevent and mitigate identity theft
      4.  Update the prevention program regularly
                                THANKS GOV, I NEEDED SOMETHING MORE TO DO
    So what is a red flag?  Quite possibly anything, if you ask me: bascially any sign that your credentials are not valid or a sign that someone else is posing as you.  These include the usual and customary things like alerts or warning from any agency, particularly agencies that handle our accounts (i.e. billing companies), and any "suspicious-looking" document or activity.  We have to develop a policy/program to deal with this issue.  Anyone who works for a company knows about policies and procedures, rules and regs.  This also means we add a statement to our HIPAA document; yes, we know it's long and cumbersome already.
    So what does this mean for you, our patient, when you come to our office?  It means that we ask for more documentation of who you say you are.  We ask for more documents to corroborate the first set of documents you gave us.  While it is annoying for you (particularly those of us who dislike Big Brother application) it is important protection for you and now a legal requirement.
    So we will be asking for the following from you - our patient:
      1.  Proof of identity
      2.  A photo ID
      3.  More than one document of identity
      4.  The usual insurance information
      5.  We will be matching information you give to that already on file to ensure it matches
      6.  Your social security number; I feel your pain here as I hate to give mine to anyone too
      7.  If you receive a bill or EOB that you don't think is yours, contact us
      8.  If you call us requesting information about yourself or a loved one,
           we will be requiring proof of your identity before providing that information. 
           We already do this because of HIPAA.
    So, not only is Big Brother watching you and knows more about you than you wanted known, he is also demanding that you verify who you are.