Texas Academy of Audiology
P.O. Box 93331
Lubbock, TX 79493-3331

FTC Rules Affect Audiology Practices

Recently, the Federal Trade Commission (FTC) has issued two rules that apply to audiology practices. A significant focus of enforcement in health care is the prevention of medical identity theft as well as health-care information breaches, both of which are becoming an increasing problem.

FTC Red Flag and Address Discrepancy Rules

The Red Flag and Address Discrepancy Rules are part of the Fair and Accurate Credit Transactions Act (FACTA) of 2003 that designates health-care providers, including hospitals, medical practices, and other health-care providers, as creditors. The American Medical Association and the American Hospital Association, as well as many other organized medical associations, attempted to obtain an exemption but were denied by the FTC. The rules were to become enforceable on May 1, 2009, but on April 30, the FTC granted an extension until August 1, 2009, for offices to be in compliance. Originally, the Red Flag Rules were to have been implemented on November 1, 2008, but were delayed until May 1, 2009, due to confusion over which entities were subject to the rules.

Who Must Comply?

The Red Flag Rules apply to any entity that meets the definition of a creditor and maintains covered accounts, regardless of whether the health-care provider is a for-profit or not-for-profit entity. Additionally, they require a "creditor" to adopt written identity theft-prevention programs designed to prevent, detect, and mitigate the effects of identity theft.

A creditor is defined as any entity that "regularly extends, renews, or continues credit; or who regularly arranges for the extension, renewal, or continuation of credit." In very broad terms, the FTC regards "credit" as the right granted to a debtor to defer payment for goods or services. The threshold of "regularly" is generally interpreted to mean a regularly occurring business practice. As such, if a health-care provider, as a regular business practice, does not require all patients to pay for medical goods or services at the time that such goods or services are provided, then the entity or provider is considered a "creditor" and must comply with the Red Flag Rules. Failure to comply could mean administrative or significant monetary penalties.

How to Comply?

A written identity theft program must contain policies that identify red flags, detect red flags, respond to incidents, and ensure that the program is reviewed and updated to adjust to changing identity theft risks.

In response to the needs of our members, the AAA has once again partnered with Gates, Moore & Company, a national health-care consulting firm, to create a "how-to" manual for the Red Flag Rule, very similar to the HIPAA manuals that were made available to our members. Its 70 pages of straightforward instruction include a fill-in-the-blanks "Identity Theft Prevention Program" that practices must have in place. As with our HIPAA products, this manual has been reviewed by a national law firm, Epstein Becker & Green.

The manual can be ordered for $65.00 through the AAA's Online Store.

Coming Soon: A 30-minute e-learning seminar will also soon be available to train your staff. Check the AAA's Web site for updates.

FTC Health Breach Notification Rule

The second FTC rule referenced is in response to the American Recovery and Reinvestment Act of 2009 that included modifications to HIPAA. The Federal Trade Commission issued proposed guidance on April 16, 2009, regarding the "Health Breach Notification Rule." The comment period ends on June 1, 2009, with the date of effect anticipated to be September 18, 2009.

The proposed rule requires the following:

  • Business associates will need to implement written policies to prevent, detect, and correct security violations of electronic information.
  • Business associates such as hearing aid manufacturers, clearinghouses, and others will need to implement written policies to prevent, detect, and correct security violations of electronic information.
  • Current business agreements will need to be updated in order to be in compliance with the new rule.
  • If a breach occurs, the business associate must take reasonable steps to cure the breach.
  • Vendors of personal health records and related entities must provide notice to consumers and the FTC when the security of their electronic health information is breached.
  • New guidance for encryption as well as the destruction of health information.

The AAA will continue to monitor legislation and update the membership with any changes that may affect the profession. Should you have specific questions regarding either of these rules and their implementation, it is recommended that you confer with your legal counsel. For general questions, please contact Debbie Abel, AuD, director of reimbursement, at dabel@audiology.org or 703-226-1024.
