June 1 deadline for Red Flag Rules approaches

27 May 2010

On June 1, 2010, the Federal Trade Commission (FTC) will begin enforcing regulations regarding the prevention of identity theft. The Red Flag Rules affect banks, financial institutions, and debit and credit card companies to the highest degree, yet some of the requirements apply to other entities that are considered creditors, including many health care providers. Essentially, by establishing an account that allows a patient to make multiple payments, a health care provider is considered a “creditor” maintaining “covered accounts,” and thus is subject to certain provisions of the Red Flag Rules. Such health care providers are required to implement a written medical identity theft program.

On May 21, 2010, a lawsuit was filed by the American Medical Association, American Osteopathic Association and the Medical Society of the District of Columbia, with the argument that physician practices were being placed under the same regulations as banks, credit card companies and mortgage lenders. The lawsuit does not affect the June 1 deadline at this time. For more about the lawsuit, read the article at healthcareitnews.com.

As the date of compliance steadily approaches, make sure that your practice has policies in place to comply with the rule.

For more information and for sample Red Flag Rule policies, please visit MSV's Knowledgebase: http://www.msv.org/redflagrules

Related article:

Docs seek to block ‘red flags' rule (modernhealthcare.com)