Resources

Client Alerts, News Articles, Blog Posts, & Multimedia

Everything you need to know about BMD and the industry.

The FACTA Is…Are You in Compliance

News Article
June 12, 2008

In response to the growing number of identity thefts Congress enacted the Fair and Accurate Credit Transactions Act of 2003 (FACTA).  FACTA was enacted to help prevent identity theft, both personal and medical, and was designed to supervise the personal confidential financial information that is generated in consumer transactions.

Medical identity theft is a fast-growing crime, and some reports estimate that between 250,000 and 500,000 patients have been victims of medical identity theft.  Medical identity theft occurs when an individual uses the personal identification information of another to obtain medical services, prescriptions, or other medical goods.  The thief receives medical services or goods for conditions that the victim never had.  Many times a patient’s medical records are forever altered or tainted, which may result in the administration of incorrect medical care by a provider when that provider relies on the patient’s false medical records.

FACTA required the Federal Trade Commission and other government agencies to develop unified regulations and guidelines in order to identify, detect, mitigate, and protect against identity theft.  Thus, in an effort to enforce FACTA and provide further guidance, the Federal Trade Commission (FTC) issued its Red Flag Rules in accordance with FACTA in November 2007.  Any business that allows its customers to defer payment for goods or services must comply with the Red Flag Rules.

In late summer, the FTC clarified that it believes FACTA would apply to health care providers.  The FTC believes that health care providers who do not require full payment the day services are rendered are subject to the Red Flag Rules.  The Red Flag Rules required those providers to implement a written Identity Theft Prevention Program (the “Program”) by November 1, 2008.  On October 22, 2008, the Federal Trade Commission announced that it will suspend its enforcement of the new “Red Flag Rules” until May 1, 2009 to give certain types of creditors (which includes health care providers) additional time to develop and implement their written Identity Theft Programs.  While the rules still require businesses to have the plan in place, the announcement by the FTC means that the FTC will take no enforcement action against a business that has not fully implemented the plan until after May 1, 2009.  The Program must be designed to identify, detect, prevent, and mitigate identity theft.  Simply put, the Red Flag Rules place responsibility on the provider to ensure the accuracy of patient identification.

In order to implement the Program, the provider must identify his or her covered accounts.  A “covered account” is basically any patient account that permits a patient to make payments over time.  These include patient medical records.  The provider must asses the risk of possible patient identify theft, including relevant Red Flags, associated with each covered account.  The provider must provide education and training to his or her staff on identifying and detecting Red Flags, promptly reporting Red Flags, and appropriately responding to Red Flags to ensure the continued security and accuracy of patients’ medical identities.  Finally, each provider must appoint a Compliance Officer to be responsible for the implementation, continued administration, and oversight of the Program.

The FTC is authorized to bring enforcement actions in federal court for those health care providers that knowingly violate FACTA.  FACTA allows the FTC to enforce penalties of up to $2,500 for each violation of the Red Flag Rules.  These violations include ignoring alerts from consumer reporting agencies or failing to respond appropriately to suspicious documents, suspicious personal identifying information, or the unusual use of or suspicious activity related to a covered account.  Additionally, FACTA authorizes each state to bring an action on behalf of a resident victim of medical identity theft and may recover actual damages of up to $1,000 for each violation, attorneys’ fees, and in some cases, punitive damages.

Even if no government enforcement action is taken, your practice may be at risk to patients in private lawsuits.  The recent Ohio case of Hurchank v. Swayze held that a physician can be liable for damages to a patient when the patient’s identity was stolen because of the failure to prevent access to private information in a medical record.

Providers that are subject to FACTA must implement a written Identity Theft Prevention Program by November 1, 2008.  The good news for providers is that the Program can be integrated into the provider’s existing HIPAA Security Plan and extend the actions already taken under the HIPAA Security Plan to cover the additional elements now required by the Red Flag Rules.  Because most, if not all, providers are already in compliance under HIPAA, the additional rules can be implemented relatively quickly to satisfy the deadline of November 1, 2008.  We have developed a short version compliance plan that can be quickly integrated into your practice compliance program.

Article by Scott P. Sandrock and Amanda L. Waesch taken from Stark County Medical Society's Newsletter

FACTAmedical identity thefthealth careAmanda L. Waesch
News Article

FTC Supports Retiring the Ohio APRN Collaborative Agreement

January 14, 2020As an industry leading advocate and general counsel for the Ohio Association of Advanced Practice Nurses, Brennan, Manna & Diamond attorney, Jeana M. Singleton, has been integral in efforts to bring an outdated regulatory structure into the 21st century by modernizing the law and expanding access to care.News Article

BMD Congratulates 2020 Ohio Super Lawyers and Ohio Rising Stars

November 27, 2019BRENNAN, MANNA & DIAMOND is proud to announce RICHARD W. BURKE (Estate Planning and Probate),HAMILTON DeSAUSSURE, JR. (Business Litigation), ROBERT A. HAGER (Construction Litigation), DAVID J. HRINA (Business/Corporate), MICHAEL A. STEEL (Bankruptcy, Business) and RICHARD L. WILLIGER (Workers’ Compensation) have been selected as 2020 Ohio Super Lawyers by Law and Politics magazine, Northern Ohio Live magazine, and Cincinnati Magazine in their respective area of practice. BMD’s 2020 Rising Stars include: JUSTIN M. ALABURDA (Business Litigation), KYLE A. JOHNSON (Business Litigation), ALEX J. McCALLION (Business Litigation), CHRISTOPHER J. MEAGER (State/Local/Muni Law), BRANDON T. PAULEY (Business/Corporate) and DANIEL J. RUDARY (Business Litigation)News Article

Ohio's "One Bite" Program Changes

November 19, 2019The Ohio Medical Board has for some years had a “One Bite” program where a physician with a substance problem could undergo treatment. The treatment was private and not disclosed to the Medical Board. If the problem was later disclosed, the physician obtaining treatment would avoid sanctions from the Medical Board.News Article

Jury Awards Care Center $225,000

November 6, 2019Congratulations to Scott Sandrock on the jury verdict in favor of our client. The verdict stems from the lawsuit filed on behalf of our client against Spectrum Cable for fraud in connection with business services. The jury awarded Plaintiff $22,000 for compensatory damages, plus $225,000 in punitive damages and recovery of attorney fees in favor of our client.News Article

BMD Beefs Up its Attorney Force with 7 New Hires

November 6, 2019Founded in 2000 by three entrepreneurial and business-minded attorneys to provide a legal platform for companies and entrepreneurs in a wide variety of industries, Brennan Manna Diamond (BMD) has been in growth mode ever since. The firm, which began in Akron with just seven attorneys, now has three Ohio and two Florida offices as well as an international location in Shanghai, China through a joint venture with the law firm Jade & Fountain. BMD recently added seven more lawyers, six who are located in the Akron office.
Older posts
Newer posts