Editor's Note: At the time of this writing, the legislation was still being reviewed. Since then, the ADA has successfully lobbied to have dentists exempted from the Red Flag Rules.
By Allen M. Schiff, CPA, CFE
Effective June 1, 2010, dentists will be required to implement the “Red Flag Rules” for their dental offices in compliance with Federal Trade Commission (FTC) guidelines.
Many of my clients have asked, “Why do we have to implement the Red Flag Rules in our dental practice?” The reason is simple. Due to increased abuse in the identity theft area, each patient’s confidential information must be protected within dental offices.
It is my understanding that the ADA is currently contesting the Red Flag Rules for dentists. The ADA feels it is too costly for dentists to implement these rules in their dental practices. However, the Red Flag Rules cover patients’ privacy in financial matters.
Red Flag Rules should be designed to prevent patient identity theft. In effect, anytime you process a patient’s payment or submit a patient’s dental insurance, the Red Flag Rules will apply. Some examples of identity theft red flags are:
• Altered patient dental insurance cards
• Dental insurance card info that does not match the patient record
• A patient address that does not agree with the dental insurance company info
• Undelivered patient mail
• Patient returned checks
• A patient using someone else’s credit card
• A patient who is unwilling to share personal information
As a result of the pending implementation of the Red Flag Rules, employee training in this area is required and should cover the following:
• Violation of a patient’s identity could result in monetary fines by the FTC
• Poor relations with patients
• Negative public relations/press coverage
• The need to protect the patient’s identity by protecting the patient’s information contained within each patient’s chart
• Employees should sign an acknowledgment of the training your office provided for protecting the patient’s identity
• Verify, verify, verify (request a copy of the patient’s driver’s license)
• Refuse to treat a patient (if the patient uses someone else’s identity)
• Turn the matter over to the authorities
• Take no action
Situations that require action:
• If your office receives notification of identity theft of a patient, you are to cease collection efforts for that patient. Example: The unauthorized use of an aunt’s credit card by a niece.
• If the address on the patient’s credit report does not agree with the patient’s records, you must make a reasonable effort to obtain the correct address and verify such.
Some final steps to consider:
• Don’t wait for the Red Flag Rules to take effect — implement now!
• Train your employees so you are compliant with the Red Flag Rules.
• Do not let patients “bully” you. Take charge of your practice!
• The ADA has guidelines for doctors to implement listed at this Web site: http://www.ada.org/sections/professionalResources/pdfs/redflag_guide.pdf
• FTC guidelines are listed at this Web site:
www.ftc.gov/bcp/edu/microsites/redflagsrule/index.shtml
• Please contact the FTC at 877-382-4357.
• Consider publicizing this information to patients through a newsletter and/or Web site.
Allen M. Schiff, CPA, CFE, is a founding member of the Academy of Dental CPAs (ADCPA), which was established in 2001. The ADCPA is the original, national organization of dental CPAs, consisting of 25 firms that represent in excess of 7,000 dentists nationwide. To learn more about the ADCPA, please visit the organization's Web site at www.adcpa.org, e-mail Schiff at ASchiff@Schiffcpa.com, or visit his Web site at www.schiffcpa.com.
