Red Flag FAQ

Effective May 1, 2009 Anne Arundel Orthopaedic Surgeons (AAOS) must comply with The Fair and Accurate Credit Transactions Act of 2003 (FACTA) as amended in October of 2007 to include Red Flag and Address Discrepancy Requirements (Red Flag).

Why was FACTA amended to include Red Flag Rules?
The Red Flag rules are designed to protect consumers from identity theft by requiring businesses like AAOS to recognize activities that indicate the possible existence of identity theft.

What kind of activities will AAOS watch for that may indicate identify theft?
Some things that may indicate identify theft, or "Red Flag" activities that AAOS will watch for are:

• Documents provided for identification appear to have been altered or forged.
• The photo ID provided by the patient is not consistent with the appearance of the patient requesting treatment.
• The SSN, birth date or other personal information provided is the same as that submitted by another patient.
• The patient requesting treatment is not able to produce personal identifying information such as driver’s license or insurance card.
• Notice from patients that they have received an Explanation of Benefits from their insurance company for services they never received.
• Medical records report medical treatment or conditions that are inconsistent with a physical exam or medical history as reported by the patient.

What will SCOSA do if they find Red Flag activities on my account? AAOS has created policies and procedures to reduce the opportunity for identity theft, recognize signs of identity theft (Red Flags), and respond to Red Flags when identified. AAOS staff has been trained on these policies and procedures and will monitor and update these policies for their effectiveness. Depending on the type of Red Flag identified, AAOS staff may do one or more of the following:

• Flag an account for suspected identity issues so that AAOS staff will be alerted to watch for suspicious activity.
• Verify information provided by the patient by researching public information like the Social Security Administration’s Death Master File.
• Contact a patient to discuss concern about a possible identity theft.

What will SCOSA do to reduce the risk of identity theft?
AAOS requires a copy of a picture ID for each patient; this is used to confirm the patient’s identity and is kept in a secure protected environment for AAOS’s use only. AAOS has security policies in place to ensure that your data is safe from exposure or release to other parties. Our staff is trained in patient privacy, committed to protecting your information and on the alert for suspicious activity.

What can I do to protect my identity? As a consumer of medical services there are several things you can do to help safeguard your identity, here are some suggestions:

• Safeguard your medical information; keep your medical insurance ID card and other information in a secure place like you would a credit card.
• Request an annual listing of all benefits paid by your insurer and review to be sure only service you or your dependents received are listed.
• If fraudulent activity is suspected be proactive in contacting the provider of service and investigating the situation.
• Check your credit report. Starting in December 2004 you can get a free copy of your report from the three national consumer reporting agencies, depending on where you live. For more on free credit reports and when you can get yours, see PRC Fact Sheet 1, Privacy Survival Guide, www.privacyrights.org/fs/fs1-surv.htm.

For questions, concerns or comments please contact our Privacy and Security Office, at (410) 573-2530.