Web-Tones

Health care providers implicated in the FTC's Red Flags Rule. As the link indicates, enforcement of the Rule begins on August 1, 2009. In short, within five business days. Large numbers of health care providers fall under the Rule since they can be categorized as "creditors" (see the link for a good summary). Most providers are clearly not ready since they have not taken steps to implement a plan that would provide a "safe harbor." The Rule is designed to anticipate and prevent identity theft. According to this article, 10 million Americans a year have their identities stolen, of these the FTC estimates that as many as 5% have their medical identity stolen, not a small number.

Protecting agaisnt identity theft is all about  recognizing signs that it may occur (i.e. the "Red Flags") and subsequently having the right processes and precautions in place to protect the data at risk--personally identitifiable information (PII). OK, but what does all of this have to do with the HITECH Act? On its face, the short answer is nothing at all. But HITECH's Subtitle D already gives the FTC a role regarding personal health records (PHRs), now they will be keeping an eye on health care providers PII data protection activities as well. What are the odds that the FTC notifies HHS if they suspect not only PII is at risk  BUT also protected health information (PHI)? In short, protecting data is protecting data. If a provider has sloppy, or non-existent protection in one case, the probabilities are high that it does in most (if not all) cases. You can bet that the FTC, HHS, and CMS will be working closely together or these issues.

There is indeed a regulatory freight train coming unlike anything the health care industry has experienced in the past.

Looking for a best of breed HIPAA Compliance Tracking System?

To stay current on the HITECH Act and its quickly changing regulatory scheme visit the HITECH Survival Guide website and/or sign up for our free monthly compliance newsletter. Also, check out our FREE EHR Checklist.

If you need tools that will help with your compliance initiatives then check out the HSG Store. Do you need an Internet Lawyer with HITECH / HIPAA experience?

HealthBlawg: Red Flags Rule: The FTC piles on, because HIPAA, ARRA and overlapping state laws just weren't enough. David has an excellent post summarizing the impact that the FTC's Red Flags Rule may have on healthcare providers.

As I have written about previously, there is a regulatory freight train coming that few in the healthcare industry see, although many are starting to get a sense that there is something "out there" heading their way. As a privacy lawyer, I help clients deal with these kinds of regulatory issues, not only within healthcare, but across industry sectors.

As a veteran of the technology industry it is clear to me that there is a convergence of law, policy and technology happening on a daily basis. It helps to have "bi lingual" partners due to the number of organizational stakeholders that need to weigh in on compliance issues.

Looking for a best of breed HIPAA Compliance Tracking System?

To stay current on the HITECH Act and its quickly changing regulatory scheme visit the HITECH Survival Guide website and/or sign up for our free monthly compliance newsletter. Also, check out our FREE EHR Checklist.

If you need tools that will help with your compliance initiatives then check out the HSG Store.