DGS Health Law Blog : Denver Health Care Lawyers & Attorneys : Davis Graham & Stubbs Law Firm : HIPAA & Patient Privacy : Colorado, Rocky Mountain West

The Federal Trade Commission (“FTC”) and several medical associations have agreed to a joint stipulation that the FTC would not enforce its Red Flags Rule with respect to physician members of various associations until the DC Circuit rules on the American Bar Association’s pending action challenging the Red Flags Rule. Although the FTC has already announced that it will again delay the deadline for compliance with the Red Flags Rule until December 31, 2010, this stipulation may extend further the compliance deadline for physicians in the medical associations and state medical societies referred to in the case.

• Email This
• Print
• Comments
• Trackbacks
• Share Link

In not-so-surprising news today, the FTC has delayed the enforcement date of the Red Flags Rule for the fifth time.  The new forbearance deadline is December 31, 2010 - however, if Congress passes legislation on this issue with an effective date before December 31, 2010, the FTC will begin enforcing this rule on that earlier effective date.  This delay follows on the heels of a lawsuit filed last Friday by the American Medical Association and other challenging the Rule's definition of "creditor" to the extent that it includes medical professionals.   

• Email This
• Print
• Comments
• Trackbacks
• Share Link

Will health care providers be the second profession to escape the Federal Trade Commission's (FTC) Red Flags Rule?  The heads of the American Dental Association, the American Medical Association, the American Osteopathic Association, and the American Veterinary Medical Association hope so, and they're asking the FTC to declare that its identity theft prevention rule (Red Flags Rule or Rule) does not apply to their licensed professionals.

In light of the November 2009 United States District Court decision in American Bar Association v. FTC, which held that the Red Flags Rule did not apply to legal professionals, the healthcare organizations issued a joint letter to the FTC requesting the same treatment.

The healthcare organizations specifically requested that the FTC:  (1) Announce that the Rule will not be applied to licensed health care professionals until at least ninety days after the final resolution of the ABA litigation and (2) Commit that if the result of the final ABA litigation is that the Red Flags Rule will not be applied to lawyers, the FTC will not apply the Rule to licensed health care professionals either.

The letter noted the substantial cost and burdens on healthcare professionals in complying with the Rule and stated that if lawyers were exempt from the Rule it would be "manifestly unfair" to subject healthcare professionals it.

• Email This
• Print
• Comments
• Trackbacks
• Share Link

On December 1, 2009, the U.S. District Court for the District of Colombia issued a written opinion siding with the American Bar Association’s (ABA) challenge against the Federal Trade Commission’s (FTC) Red Flags Rule and prohibiting the FTC from enforcing its Rule against attorneys.

Among its reasons for so holding, the court declined to classify attorneys as “creditors” under the Rule.  The court stated that “credit is a specific subset of activity…which does not logically or commonly apply to attorney billing practices.”  The court went on to note that attorneys are not granting clients the right to postpone payment simply because they do not demand immediate payment from clients.  Rather, attorneys invoice clients for their own convenience, because of ethical rules which prohibit payment for services not yet rendered, and because of the unpredictable nature of the practice of law, which would make it unreasonable for attorneys to immediately calculate and collect their fees.

The court’s ruling could well have a significant impact beyond the legal arena, as several professions, including health care providers, have made similar arguments as to why they should not be subjected to the FTC’s Red Flags Rule.

• Email This
• Print
• Comments
• Trackbacks
• Share Link

The Federal Trade Commission (FTC) announced that it will delay the enforcement of its Red Flags Rule for a fourth time, extending the start date to June 1, 2010.  The FTC previously delayed enforcement until November 1, 2009, but decided on the further extension due to a request from members of Congress.

The Red Flags Rule addresses identity theft and requires certain "creditors" to develop identity theft prevention programs.  You can learn about the specific requirements of the Red Flags Rule in a prior DGS post.

• Email This
• Print
• Comments
• Trackbacks
• Share Link

On October 8, 2009, Representative John Adler (D-NJ) introduced House Bill 3763 (PDF), which would exclude certain small businesses, including health care practices with 20 or fewer employees, from the FTC's Red Flags Rule.  The bill has been referred to the House Committee on Financial Services.  DGS will continue to track and report any noteworthy progress.

In July 2009, the FTC delayed enforcement of the Red Flags Rule for a third time, until November 1, 2009.  A prior DGS post provides more information on the requirements of the Red Flags Rule.

• Email This
• Print
• Comments
• Trackbacks
• Share Link

The Federal Trade Commission (FTC) issued a press release on July 29, 2009, announcing another three-month delay in its enforcement of the Red Flags Rule. The enforcement date, which had been scheduled for August 1, 2009, will now be postponed until November 1, 2009.

The Red Flags Rule is an anti-fraud regulation, aimed at reducing identity theft by requiring "creditors" to develop programs to identify, detect and respond to "red flags," that might indicate an act of identity theft.  (You can learn more specifics about the Red Flags Rule in a prior DGS post.)

This delay was issued in response to the House Appropriations Committee’s recent request that the FTC defer enforcement in order to minimize the impact of the Rule on health care providers and other small businesses.

In its press release, the FTC publicized that it will increase its efforts to educate small businesses about compliance requirements and that it intends to provide additional materials and guidance to do so. A specific link for small and low-risk entities will be set up on the FTC’s Red Flags Rule website to enable these entities to easily access materials that are relevant to their compliance needs. 

The FTC already offers a Red Flags Rule FAQs section, which addresses many compliance and enforcement issues.

• Email This
• Print
• Comments
• Trackbacks
• Share Link

ENFORCEMENT BEGINS AUGUST 1ST.

On August 1, 2009, the Federal Trade Commission (“FTC”) will begin enforcement of its "Red Flags" Rule, which is aimed at reducing identity theft.  The Rule requires creditors to look for "red flags" that signal possible identity theft, and applies to any “creditor” that maintains “covered accounts.” 

While most healthcare providers wouldn't usually think of themselves as traditional creditors, the Rule's definitions are broad enough to bring them into that realm.

Under the Rule, creditor is defined as any person or organization that “regularly extends, renews, or continues credit.” 

• When a healthcare provider allows a patient to pay for medical services after they are rendered or accepts payments over a period of time, that provider is acting as a creditor. 

Covered accounts include:

1. Accounts maintained by a creditor which are primarily for personal, family, or household purposes and are designed to permit multiple payments or transactions, or
2. Any other account for which there is a “reasonably foreseeable risk to consumers” of identity theft.

• Patient accounts likely fit within both of these categories.

Given the above, most healthcare providers will indeed need to comply with the "Red Flags" Rule.

View this "Red Flags" Rule PowerPoint presentation for a quick overview of the Rule's requirements and the consequences of noncompliance.

You can also consult the FTC's simplified "How-To Guide" , which provides the basics for complying with the Red Flags Rule.

• Email This
• Print
• Comments
• Trackbacks
• Share Link