ENFORCEMENT BEGINS AUGUST 1ST.
On August 1, 2009, the Federal Trade Commission (“FTC”) will begin enforcement of its "Red Flags" Rule, which is aimed at reducing identity theft. The Rule requires creditors to look for "red flags" that signal possible identity theft, and applies to any “creditor” that maintains “covered accounts.”
While most healthcare providers wouldn't usually think of themselves as traditional creditors, the Rule's definitions are broad enough to bring them into that realm.
Under the Rule, creditor is defined as any person or organization that “regularly extends, renews, or continues credit.”
- When a healthcare provider allows a patient to pay for medical services after they are rendered or accepts payments over a period of time, that provider is acting as a creditor.
Covered accounts include:
- Accounts maintained by a creditor which are primarily for personal, family, or household purposes and are designed to permit multiple payments or transactions, or
- Any other account for which there is a “reasonably foreseeable risk to consumers” of identity theft.
- Patient accounts likely fit within both of these categories.
Given the above, most healthcare providers will indeed need to comply with the "Red Flags" Rule.
View this "Red Flags" Rule PowerPoint presentation for a quick overview of the Rule's requirements and the consequences of noncompliance.
You can also consult the FTC's simplified "How-To Guide" , which provides the basics for complying with the Red Flags Rule.