Get Ready to Follow the ID Theft Red Flags Rule

“The Red Flags Rule is really about fraud protection, and HIPAA is more about data security. There is certainly some overlap, and to the extent that, for example, someone is checking photo IDs … to make sure that the person only has access to their [own] medical record, that's a policy that might do double duty under the client's identity theft program as far as verifying ID,” Ms. Lefkowitz said. But merely having the HIPAA program is probably not going to make [providers] compliant with Red Flags.”

Mary Ellen Schneider contributed to this report.