She noted that under EMTALA, a hospital cannot delay performing the medical screening examination or stabilizing treatment, to inquire about insurance or payment, “but it can follow reasonable registration processes as long as the medical screening exam is not delayed by the process. So after the patient has been triaged and is sitting in the waiting room waiting to be seen for the medical screening exam, you can ask them for identifying information. But if they don't have identifying information, you can't turn them away. You have to provide the [screening exam] and necessary stabilizing treatment.”
Providers also should note that compliance with the Health Insurance Portability and Accountability Act (HIPAA) does not shield them from complying with the Red Flags Rule.
“One of the questions we get is, 'I already comply with HIPAA; aren't I done?' The answer is, 'Probably not,'” said Naomi Lefkowitz of the division of privacy and identity protection at the Federal Trade Commission.
“The Red Flags Rule is really about fraud protection, and HIPAA is more about data security. There is certainly some overlap, and to the extent that, for example, someone is checking photo IDs … to make sure that the person only has access to their [own] medical record, that's a policy that might do double duty under the client's identity theft program as far as verifying identification.
“But merely having the HIPAA program is probably not going to make [providers] compliant with Red Flags,” she added.
Mary Ellen Schneider contributed to this article.