Healthcare Professionals Call on FTC for Exemption from its Red Flags Rule

Posted on January 29, 2010 by Heather L. Kenney

Will health care providers be the second profession to escape the Federal Trade Commission's (FTC) Red Flags Rule?  The heads of the American Dental Association, the American Medical Association, the American Osteopathic Association, and the American Veterinary Medical Association hope so, and they're asking the FTC to declare that its identity theft prevention rule (Red Flags Rule or Rule) does not apply to their licensed professionals.

In light of the November 2009 United States District Court decision in American Bar Association v. FTC, which held that the Red Flags Rule did not apply to legal professionals, the healthcare organizations issued a joint letter to the FTC requesting the same treatment.

The healthcare organizations specifically requested that the FTC:  (1) Announce that the Rule will not be applied to licensed health care professionals until at least ninety days after the final resolution of the ABA litigation and (2) Commit that if the result of the final ABA litigation is that the Red Flags Rule will not be applied to lawyers, the FTC will not apply the Rule to licensed health care professionals either.

The letter noted the substantial cost and burdens on healthcare professionals in complying with the Rule and stated that if lawyers were exempt from the Rule it would be "manifestly unfair" to subject healthcare professionals it.

Tags: , , , , , ,

And Yet Another Delay....Red Flags Rule Enforcement Date Pushed Back Until June 2010

Posted on November 2, 2009 by Heather L. Kenney

The Federal Trade Commission (FTC) announced that it will delay the enforcement of its Red Flags Rule for a fourth time, extending the start date to June 1, 2010.  The FTC previously delayed enforcement until November 1, 2009, but decided on the further extension due to a request from members of Congress.

The Red Flags Rule addresses identity theft and requires certain "creditors" to develop identity theft prevention programs.  You can learn about the specific requirements of the Red Flags Rule in a prior DGS post.

Tags: , , , , , , ,

FTC Again Delays Enforcement of its Red Flags Rule

Posted on July 30, 2009 by Heather L. Kenney

The Federal Trade Commission (FTC) issued a press release on July 29, 2009, announcing another three-month delay in its enforcement of the Red Flags Rule. The enforcement date, which had been scheduled for August 1, 2009, will now be postponed until November 1, 2009.

The Red Flags Rule is an anti-fraud regulation, aimed at reducing identity theft by requiring "creditors" to develop programs to identify, detect and respond to "red flags," that might indicate an act of identity theft.  (You can learn more specifics about the Red Flags Rule in a prior DGS post.)

This delay was issued in response to the House Appropriations Committee’s recent request that the FTC defer enforcement in order to minimize the impact of the Rule on health care providers and other small businesses.

In its press release, the FTC publicized that it will increase its efforts to educate small businesses about compliance requirements and that it intends to provide additional materials and guidance to do so. A specific link for small and low-risk entities will be set up on the FTC’s Red Flags Rule website to enable these entities to easily access materials that are relevant to their compliance needs. 

The FTC already offers a Red Flags Rule FAQs section, which addresses many compliance and enforcement issues.

Tags: , , , ,

"Red Flags" Rule: New FTC Regulations Require Healthcare Providers to Combat Identity Theft.

Posted on July 15, 2009 by Heather L. Kenney

ENFORCEMENT BEGINS AUGUST 1ST.

On August 1, 2009, the Federal Trade Commission (“FTC”) will begin enforcement of its "Red Flags" Rule, which is aimed at reducing identity theft.  The Rule requires creditors to look for "red flags" that signal possible identity theft, and applies to any “creditor” that maintains “covered accounts.” 

While most healthcare providers wouldn't usually think of themselves as traditional creditors, the Rule's definitions are broad enough to bring them into that realm.

Under the Rule, creditor is defined as any person or organization that “regularly extends, renews, or continues credit.” 

  • When a healthcare provider allows a patient to pay for medical services after they are rendered or accepts payments over a period of time, that provider is acting as a creditor. 

Covered accounts include:

  1. Accounts maintained by a creditor which are primarily for personal, family, or household purposes and are designed to permit multiple payments or transactions, or
  2. Any other account for which there is a “reasonably foreseeable risk to consumers” of identity theft.
  • Patient accounts likely fit within both of these categories.

Given the above, most healthcare providers will indeed need to comply with the "Red Flags" Rule.

View this "Red Flags" Rule PowerPoint presentation for a quick overview of the Rule's requirements and the consequences of noncompliance.

You can also consult the FTC's simplified "How-To Guide" , which provides the basics for complying with the Red Flags Rule.

Tags: , , , , , , , , ,