Archive for Red Flags Rule

John Commins, for HealthLeaders Media

The American Medical Association on Monday applauded a federal appeals court’s ruling that physicians who bill patients after providing services are not subject to the Federal Trade Commission Red Flags Rule that applies to creditors.

AMA President Cecil B. Wilson, MD, said the ruling Friday by the U.S. Court of Appeals in Washington, DC, validates the AMA’s long-standing argument with the Federal Trade Commission about the red flag rules’ application to physicians.

The appeals court, ruling on a lawsuit filed by the American Bar Association that challenged the application of the Red Flags Rule to attorneys, said the FTC’s regulations were made invalid because Congress passed the Red Flag Program Clarification Act of 2010 in December to better define who is considered a creditor under the rule.

“The court’s decision reinforces the intent of a new law clarifying the scope of the red flag rule and helps eliminate any further confusion about the rule’s application to physicians,” Wilson said in a statement. “The AMA will remain vigilant that the FTC respects the meaning and intent of the Clarification Act.”

The AMA and other physicians’ groups objected to the FTC’s requirement for physicians to verify the identity of their patients before agreeing to treat them if the patients are not paying in full at the time of the visit.

The intention of the requirement is to prevent potential cases of identity theft. If a patient says he or she is someone else, the wrong person or entity would be billed for that individual’s care. But doctors complained that requiring such proof of identity is time-consuming, awkward, and may delay care if the patient didn’t bring proper documents.

On Friday, the three-judge appeals panel wrote that “the Clarification Act makes it plain that the granting of a right to ‘purchase property or services and defer payment therefore’ is no longer enough to make a person or firm subject to the FTC’s red flags rule — there must now be an explicit advancement of funds. In other words, the FTC’s assertion that the term ‘creditor,’ as used in the red flags rule and the FACT Act, includes ‘all entities that regularly permit deferred payments for goods or services,’ including professionals ‘such as lawyers or health care providers, who bill their clients after services are rendered,’…is no longer viable.”

The appeals court ruling may be viewed here. The Red Flag Program Clarification Act of 2010 may be viewed here.

Categories : Red Flags Rule

Chris Apgar, CISSP, president, Apgar & Associates LLC, in Portland, OR, has raised a red flag of his own. “The Red Flags Rule requires creditors (which most providers are) to reasonably ensure what HIPAA categorizes as (business associates) to implement their own identity theft protection program for accounts managed by the covered entity,” he says.

The Red Flags Rule (The Rule) became effective May 1, 2008, and is significant for BAs. Apgar recommends a small, but important, addition to new BA agreements and existing ones, if necessary.

The Rule is an amendment to the Fair and Accurate Credit Transactions Act of 2003. The Rule requires financial institutions and creditors with covered accounts to establish identity theft prevention programs to identify, detect, and respond to patterns, practices, or specific activities that could indicate identity theft.


Categories : Red Flags Rule

President Obama Saturday signed the bill that changes the Red Flags Rule’s definition of “creditor” and relieves some physicians of having to comply with the Federal Trade Commission’s identity theft prevention law.

Earlier in the month, the House and Senate passed the bill—“Red Flag Program Clarification Act of 2010.”

The enforcement date for the Red Flags Rule is Dec. 31, 2010. The FTC said earlier this year on its website that it delayed enforcement at the request of Congress as it “considers legislation that would affect the scope of entities covered by the rule.” Compliance date was November 1, 2008.

Red Flags calls for “creditors” to establish a program to protect patients from medical identity theft.

The bill included changes to the FTC’s definition of “creditor.” Smaller entities such as physician practices and doctors’ offices have long argued that they should be let off the hook from complying. Some have filed lawsuits.

Jeff Drummond, health law partner in the Dallas office of Jackson Walker LLP, says the law doesn’t actually “remove physicians from the Red Flags Rule.” It clarifies in a reasonable way, he says, what a “creditor” is.

“I think the FTC went way overboard with their definition of ‘creditor’ including anyone who takes payment after providing the service,” Drummond says. “Taken to its logical extreme, McDonalds and Burger King are not creditors, but Chili’s is. So, it’s a good change to rein in an overbroad regulatory agency.”

Some physicians will still be creditors: plastic surgeons and LASIK surgeons, for example, if they take payments over time from their patients.

Drummond adds that it’s not that hard to establish an identity theft prevention program, as the Red Flags Rule requires; doctors have to have HIPAA programs in place anyway.

“It’s just good practice, and good customer service, to have an ID theft prevention program in place,” Drummond says. “So, even if you don’t have to, you ought to.”

Categories : Red Flags Rule

The Senate and House have each passed a bill that changes the Red Flags Rule’s definition of “creditor” and relieves doctors of complying with the Federal Trade Commission’s identity theft prevention law.

The House Tuesday passed the bill—“Red Flag Program Clarification Act of 2010”—less than a week after the Senate approved the bill.

The enforcement date for the rule is Dec. 31, 2010. The FTC said earlier this year on its website that it delayed enforcement at the request of Congress as it “considers legislation that would affect the scope of entities covered by the rule.” Compliance date was November 1, 2008.

And now, that very legislation passed this week only awaits a signature from President Obama before becoming law.

The bill calls for changes to the FTC’s definition of “creditor.” Smaller entities such as physician practices and doctors’ offices have long argued that they should be let off the hook from complying. Some have filed lawsuits.

Representative John Adler, D-NJ, said in the House debate Tuesday that the purpose of the Red Flag Program Clarification Act “is to limit the type of creditor that must be covered by the FTC’s Red Flags Rule.”

“When I think of the word ‘creditor,’ dentists, accounting firms, and law firms do not come to mind,” Adler said.

However, he said, the Red Flags Rule as written now requires these types of professions and others to comply.

The FTC “broadly interpreted” creditors to include any business that allows clients to establish a payment plan in exchange for their services rendered, said Rep. Paul Broun, R-GA. This swept in “many businesses that do not operate as a creditor in the general understanding of the term, such as dentists, doctors, veterinarians, lawyers, accountants, and many other health care providers that offer their clients payment plans.”

Added Adler: “It is clear when Congress wrote the law, they never contemplated including these types of businesses within the broad scope of that law. … We need to be careful that the laws we pass address the problem and do so in a way that doesn’t adversely and unfairly impact small businesses.”

This week’s Clarification Act includes the following language regarding the definition of a creditor as one that regularly and in the ordinary course of business:

  • Obtains or uses consumer reports, directly or indirectly, in connection with a credit transaction
  • Furnishes information to consumer reporting agencies in connection with a credit transaction
  • Advances funds to or on behalf of a person, based on an obligation of the person to repay the funds or repayable from specific property pledged by or on behalf of the person

Creditors do not include those that advance funds on behalf of a person for expenses incidental to a service provided by the creditor to that person.

The current language in the FTC’s Red Flags Rule regarding the definition of a creditor includes:

  • A creditor is any entity that regularly extends, renews, or continues credit; any entity that regularly arranges for the extension, renewal, or continuation of credit; or any assignee of an original creditor who is involved in the decision to extend, renew, or continue credit.
  • Accepting credit cards as a form of payment does not in and of itself make an entity a creditor. Creditors include finance companies, automobile dealers, mortgage brokers, utility companies, and telecommunications companies.

The bill may be viewed here.

Categories : Red Flags Rule

Seventy-three defendants—including alleged members of an Armenian-American crime syndicate called Mirzoyan-Terdjanian—have been indicted for crimes involving more than $163 million in fraudulent billing of Medicare and insurance companies across the nation, the U.S. Department of Justice says.

The announcement came Wednesday after indictments were unsealed in California, Georgia, New Mexico, New York and Ohio. Law enforcement officials in the national, multi-agency investigation reported 52 arrests on Wednesday, in what the DOJ says is the largest prosecution of a Medicare fraud scheme committed by one criminal enterprise.

The defendants are charged with highly-organized, multi-million dollar schemes to defraud Medicare and insurance companies by submitting fraudulent bills for medically unnecessary treatments, or treatments that were never performed, DOJ alleges.

According to the indictments, the defendants allegedly stole the identities of doctors and thousands of Medicare beneficiaries and operated at least 118 different phony clinics in 25 states that submitted bogus Medicare reimbursement claims.

“The international organized crime enterprise known as the Mirzoyan-Terdjanian, fleeced the healthcare system through a wide-range of money making criminal fraud schemes,” says Kevin Perkins, FBI assistant director of the Criminal Investigative Division.

“The members and associates located throughout the United States and in Armenia, perpetrated a large-scale, nationwide Medicare scam that fraudulently billed Medicare for more than $100 million of unnecessary medical treatments using a series of phantom clinics,” Perkins said. “We want to restore the confidence in the nation’s healthcare system and assure practitioners we will not stand by and let their identities be used for criminal gain.”

Acting Deputy Attorney General Gary G. Grindler said the emergence of the Mirzoyan-Terdjanian operation “signals a dangerous expansion that poses a serious threat to consumers as these syndicates are willing to exploit almost any program, business or individual to earn an illegal profit.”

Here is the breakdown for the defendants:

  • Forty-four defendants were charged in two indictments unsealed Wednesday in New York with racketeering conspiracy and conspiracy to commit: healthcare fraud, bank fraud, money laundering, fraud in connection with identity theft, credit card fraud and immigration fraud.
  • Seven defendants were charged in New Mexico with healthcare fraud, mail fraud, wire fraud, money laundering conspiracy, money laundering, forfeiture and aggravated identity theft.
  • Six defendants were charged in Georgia with healthcare fraud, conspiracy to commit healthcare fraud, money laundering conspiracy and aggravated identity theft.
  • Six defendants were charged in Ohio with healthcare fraud, mail fraud, conspiracy to commit mail fraud, wire fraud, conspiracy to commit money laundering and aggravated identity theft.
  • Ten defendants were charged in two indictments in California with conspiracy to commit bank fraud, bank fraud, money laundering, conspiracy to launder monetary instruments, criminal forfeiture, aggravated identity theft, aiding and abetting, and causing an act to be done.

Federal prosecutors say Mirzoyan-Terdjanian is named for its leaders, Davit Mirzoyan and Robert Terdjanian. The gang is based in Los Angeles and New York, and its operations extend throughout the United States and internationally.

Among the defendants charged with racketeering is Armen Kazarian, who is alleged to be a “Vor,” a term translated as “Thief-in-Law,” which refers to a member of a select group of high-level criminals from Russia, Armenia, and other countries that had been part of the former Soviet Union. This is the first time a Vor has been charged with racketeering, and the first time since 1996 that a Vor has been arrested on a federal charge.
