Identity theft: Keep your eyes open

Wednesday, September 30, 2009

ARLINGTON, Va. - HME providers have until next month to comply with a new federal regulation that requires them to have in place processes and procedures to prevent identity theft.

The Federal Trade Commission delayed the rule's start date in late July from Aug. 1 to Nov. 1, 2009. The reason for the delay: to give companies more time to develop and implement their programs.

Fortunately, for most, that should not be a challenge, industry attorney Asela Cuervo said July 23 during an AAHomecare teleconference: "Are you complying with the Red Flag Rules?"

"If you have any kind of compliance program internally, you pretty much have what the basic components of the red flag rule requires you to have," Cuervo said.

The FTC created the rule last year and it applies to all creditors. HME providers qualify as creditors if they bill Medicare beneficiaries after the fact for co-pays and/or deductibles. Providers that collect payment when they dispense product or services are not considered creditors, Cuervo said.

Providers that extend credit must develop a written plan that identifies red flags--patterns, practices or activities that might indicate the possible existence of identify theft, Cuervo said. These could include: Patient information that doesn't match other information on file; a fraud alert on a credit report; and identification that looks altered or forged.