Red Flag Rule
Red Flag Rule: Identifies a pattern of behavior or events to indicate a breach of PHI (protected health information) has likely occurred and that identity theft has occurred or is occurring. An example of this would be inconsistencies between information on file about a patient and identity documents that the patient presents in person.
A Red Flag indicates that identity theft may be occurring or will soon occur.
Red Flag Rule Umbrella Policy:
· Must be reviewed at least annually
· Must be approved by the highest authority in the organization
· Must require regular program monitoring and that any material changes be approved by senior management.
· Records retention requirement is 6 years from last effective date.
Posted on March 14, 2011, in HIPAA and tagged HIPAA, HIPAA compliance, HIPAA Security and Privacy, HITECH, Red Flag Rule, Red Flag Rule Umbrella Policy, RFR, RFR Umbrella Policy. Bookmark the permalink. Leave a comment.