Red Flag Rule: Conclusion

Report home | Read the report (PDF) | Previous section | Next section


The Red Flag rule represents an important opportunity for the health care sector to protect consumers and patients from the impacts of medical and other forms of identity theft.

Until this point, victims of medical forms of identity theft have had very little help in getting relief in the provider context. While a few providers may have mitigation plans in place, many do not. It is not unusual for victims of this crime to report being victimized multiple times in multiple provider settings, sometimes in several states. As a result, as consumers working to clean up their health care files experience differing levels of help and support due to variability of provider practices. Providers are also victims of medical identity theft, and they need to take steps to protect their own interests as well as the interests of their patients.

One thing has become less variable is the scanning and storing of government-issued patient identification and sometimes biometrics. The World Privacy Forum cannot emphasize enough that patient identity proofing is one small aspect of preventing this crime. Improper collection, handling and storage of patient identity documents such as drivers’ licenses and biometrics can increase rather than decrease patient and provider risk, depending on the system.

The Red Flag and Address Discrepancy rules, if implemented robustly, may ease some of the problems consumers have been experiencing with medical identity theft. It is an opportunity to help consumers that should not be wasted or treated lightly.



Roadmap: Red Flag and Address Discrepancy Requirements – Suggestions for Health Care Providers: V. Conclusion


Report home | Read the report (PDF) | Previous section | Next section