On Nov. 1, 2008, new rules and guidelines intended to detect, prevent, and mitigate identity theft go into effect. These “red flag rules” focus on implementing technologic and procedural frameworks to support fraud detection and prevention. The financial arrangements inherent in the physician/patient relationship would classify medical practices as creditors and subject to the rules.

The regulations require a written identity theft prevention program that includes five basic elements: An assessment of areas that may be vulnerable to the act of identity theft or that may provide the means by which identity theft can take place; identification of specific “red flags” that alert staff and/or practice management to the potential theft of information; guidelines to identify “red flags”; protocols to deal with identity theft; and detailed actions to prevent future theft potential.

Visit the AAOS on-line Practice Management Center (www.aaos.org/pracman) for more information.

Marty Krawczyk is a practice management coordinator in the AAOS practice management group. She can be reached at krawczyk@aaos.org