Medical Advocate and Billing Consultants
The MABC Perspective
Medical Advocate & Billing Consultants © 2012
All Rights Reserved
For Your Next Doctor’s Appointment – Be Photo Ready!

By Sally Brinkmann, R.N., B.S.
October 21, 2010
December 21, 2010 (Addendum)

Don’t be surprised if you arrive at your next doctor’s visit and, instead of a smile and hello, you receive a request for photo identification. And it won’t matter if this is a first-time visit to a specialist or a physician you have known for years. Your physician may now be asking you to present photo ID (driver’s license, photo ID card, or passport) prior to treating you. In fact, some offices now have state-of-the-art equipment to take your photo so it can immediately be placed in your medical file. There have even been reports of physicians refusing to provide care if patients don’t provide the requested photo ID! Verification with photo identification also extends past adults to children. Right about now, I’ll bet you are more than a little surprised to learn of this matter.

Why are physicians starting this practice? Reportedly, it is to be in compliance with a new Federal Trade Commission (FTC) Identity Theft Prevention Program called the “Red Flags Rule” (“Rule”). The abbreviated background on the “Rule” is that Congress directed the FTC to develop regulations requiring creditors and financial institutions to address the risk of identity theft. The “Rule” requires businesses to implement a written Identity Theft Prevention Program to detect the warning signs or “red flags” of identity theft. One interesting point with regard to the FTC and the Red Flags Rule is its “A How-To Guide for Business”. Within this Guide, Section D, #3 – “Designing Your Identity Theft Prevention Program” – Question re: Photo IDs: “The Rule doesn’t specifically require you to check a customers’ photo IDs. Of course, for some businesses, checking photo IDs is one way to verify that customers are who they claim to be. But if you decide to ask for a photo ID, keeping a copy often is unnecessary and can raise privacy and data security concerns, especially if you’re collecting other personal information like date of birth, address, or Social Security number.” (1)

The Red Flags Rule has been delayed a fifth time since it was originally scheduled to be implemented on November 1, 2008. The current enforcement date is now scheduled to be December 31, 2010, but that may change pending a lawsuit filed by the American Medical Association (AMA) on May 21, 2010. (2) The link provided to the AMA “Complaint for Declaratory & Injunctive Relief” clearly outlines their position as to why they don’t believe physicians are “creditors” of patients and should not fall under the “Rule”. The lawsuit is informative and well worth the read, as it also reviews other aspects of current health care law (HIPAA, HITECH). Regardless of the delays in the enforcement of the “Rule”, or the AMA’s position on the “Rule”, there are still many physicians throughout the U.S. demanding photo ID before treating a patient. It is unclear how the CMA (California Medical Association) is guiding its members regarding the “Rule” because, when contacted by me with questions/issues, they would only reply that they are there for their members only – physicians.

The AMA does have a Sample Policy regarding the “Rule”. There is a note that their members should seek consultation from legal or other professional advisors. The Sample Policy includes the following guidance: When a patient calls to request an appointment, the patient will be asked to bring the following at the time of the appointment:
● Driver’s license or other photo ID;
● Current health insurance card; and
● Utility bills or other correspondence showing current residence if the photo ID does not show the patient’s current address. If the patient is a minor, the patient’s parent or guardian should bring the requested information.
The above information may be waived for patients who have visited the practice within the past six months.

While we all want to feel safe and protect our identity, what price are we willing to pay? If our physician demands to photocopy our driver’s license, that document contains not only our photo but another key piece of ID – our driver’s license number. So, will we now be putting ourselves at greater risk of identity theft? What security measures does your physician’s practice have in place to protect your medical and personal data? Do they have a system that encrypts your data? If a laptop is stolen, is there a mechanism to send a poison pill to lock down the laptop? How do they control who has access to the data? How do they detect stolen data? If there is an expectation that you relinquish more personal data, clearly there should be safeguards in place to protect your information. Patients should be concerned with breaches in security, such as lost laptops, hackers (3), unauthorized access to your medical information (4), and faxing medical information to the wrong number (5), as well as lost unencrypted CDs with patient data (6).

California led the way in 2003 by being the first state to enact a security breach notification law (S.B. 1386). Now 44 additional states have similar laws. On August 19, 2010, California S.B. 1166 (designed to strengthen S.B. 1386) passed the legislature but was vetoed by Gov. Schwarzenegger on September 29, 2010.

The point of this article is not to encourage you to fight or accept change, but rather to inform you and make you aware of what actions are transpiring behind the scenes which will affect your medical care. Information is power. Learn how to be your best advocate… and protect your personal and medical information.

Addendum - 21 December 2010

President Obama - Signed into law the "Red Flag Program Clarification Act of 2010"

On 18 December 2010, President Obama signed into law the "Red Flag Program Clarification Act of 2010". This "Act" will limit the scope and application of the "Red Flags Rule". The new "Act" excludes health care providers and law firms, to name just a few of the covered entities. This "Act" (S. 3987) was initially passed by the Senate on December 3rd. The House of Representatives passed the Senate Bill on December 7, 2010.

As an informed health care consumer, be aware of these changes, but do not be surprised if you are still asked for proof of identity as detailed in the above article. Just know it is most likely an institutional/office policy or procedure that has been instituted, and is not a Federal Trade Commission "Red Flag Rule" requirement.


(1) Fighting Fraud with the Red Flags Rule: A How-to Guide for Business
http://www.ftc.gov/bcp/edu/microsites/redflagsrule/faqs.shtm

(2) AMA, AOA and MSDC vs. FTC: Complaint for Declaratory and Injunctive Relief
http://www.ama-assn.org/ama1/pub/upload/mm/395/red-flags-lawsuit.pdf

(3) Virginia Department of Health Professions Refutes Hacker’s Claims – Lucian Constantin
http://news.softpedia.com/news/Virginia-Department-of-Health-Professions-Refutes-Hacker-039-s-Claim-111291.shtml
Cyber War: Sabotaging the System – Steve Kroft
http://www.cbsnews.com/stories/2009/11/06/60minutes/main5555565.shtml

(4) California Department of Public Health Issues Privacy Breach Fines to Five California Hospitals
http://www.cdph.ca.gov/Pages/NR10-039.aspx

(5) State blames CHOC in wrong-site surgery – Courtney Perkes
http://www.ocregister.com/news/hospital-79377-ocprint-wrong-choc.html

(6) FedEx Loses CDs Containing NY Hospital’s Patient Data – Lucian Constantin
http://news.softpedia.com/news/FedEx-Loses-CDs-Containing-NY-Hospital-s-Patient-Data-146123.shtml

Sally Brinkmann is a registered nurse currently practicing as a medical, patient advocate.

© 2010  Medical Advocate and Billing Consultants    (www.ma-bc.com)