There was a recent article in the Kansas City Business Journal that discussed the application of the Red Flag Rules to Doctor’s offices. The article contends that Doctor’s offices might soon be required to check patients’ picture ID’s when they check in at the office. However, some in the medical community argue that the requirements places on them under HIPAA already do enough to protect their patients from identity theft. If it is determined that these businesses must also abide by the Red Flag Rules they could face a fine of up to $3,500 as a result of a violation. Although I support all the regulation and believe the government needs to make it more clear what type of operational security is acceptible and what isn’t, at what point will the costs of making your business secure start to put small businesses out of business???
Do the Red Flag Rules apply to Doctor’s Offices?