If a practice determines it qualifies as a creditor, the Red Flag Rules apply.  Does your practice regularly allow patients to pay in full at a later date, NOT at the time of the service rendered?  According to the FTC, your practice would be considered a creditor.

Your practice would be required to develop an Identity Theft Program that contains "reasonable policies and procedures” to: http://www.fiercehealthcare.com/story/ftc-cracks-
down-medical-identity-theft/2008-09-29   

• Identify relevant patterns, practices, and specific forms of activity that are "red flags," signaling possible identify theft
• Detect these patterns, or "red flags"
• Respond to those detected to prevent and mitigate identity theft
• Ensure the program is updated periodically to reflect changes in risks

In administering such a program, a creditor would need to:

• Involve the board or senior management designee(s)
• Train staff
• Exercise oversight of service provider arrangements  http://www.worldprivacyforum.org/pdf/WPF_
  RedFlagReport_
  09242008fs.pdf

THE SOLUTION
TBG Fraud Solutions, a national employee training organization, is offering qualifying health care practices a NO COST program designed specifically to assist with Red Flag compliance obligations and reduce practice liability.  TBG’s multi-faceted approach includes a combination of: CITRMS certified mandatory employee training

Signed employee security agreements Mitigation options A ten page comprehensive written policy (customized to your practice)

When you change the way an employee thinks, it results in a change of behavior, reducing the risk of an information breach that may lead to Identity Theft.  At TBG Fraud Solutions, we are confident that our customized training will lead to an atmosphere of awareness and security within your organization.

HOW CAN THIS BE NO COST?
Identity theft is not preventable, but mitigation steps can be taken to reduce your risk and avoid the 607 hours typically needed for a victim to restore their good name.  There is a comprehensive, NYSE backed Identity Theft Mitigation Program we recommend making available to your employees as a completely optional, employee-paid benefit.  The average participation rate by health care employees for this voluntary program is over 50%, indicating obvious demand. Your employees will also enjoy a discounted rate available only to businesses.  “One solution that provides an affirmative defense against potential fines, fees, and lawsuits is to offer some sort of identity theft protection as an employee benefit.  The key is to make the protection available, and have a mandatory employee meeting on identity theft and the protection you are making available.”
(Business and Legal Reports)

Please contact us for program availability, references, and further details.

DALLAS CBS11 News(Baylor Medical Center Employees Violate Privacy Laws)  Baylor Medical Center in Dallas has fired several employees, claiming they violated federal privacy laws. And it goes back to a trip to the emergency room that made national headlines and became a media circus.

San Francisco Chronicle (California Data-breach Law Now Covers Medical Information) California residents must now be notified when their electronic medical information or health insurance information has been exposed. The exposed information must include a California resident's name to require notification but does not need to include Social Security numbers. The law applies to state agencies and any company that does business with Californians, even if its headquarters are not in the state.

Tyler Paper.com (Man in Jail after Impersonating a Doctor)
A man who stole a doctor's identity nine years ago is behind bars after undercover detectives learned he was calling in prescriptions, posing as a patient to pick them up, and selling the medications on the street.