WASHINGTON—Physician practices now have until Aug. 1, 2009, to comply with the Federal Trade Commission's (FTC) Identity Theft Red Flags Rule.
The Red Flag Rules were issued in 2007 to protect against identity theft, such as using someone else’s social security number or credit card number to commit fraud. The rule applies to anyone considered a “creditor,” which the FTC said is “any person who regularly extends, renews, or continues credit.”
The rule specifies that creditors must develop an identity theft program, which includes reasonable policies and procedures for detecting or mitigating identity theft.
The FTC said that physicians are considered creditors because they extend credit by allowing deferred payments until services are rendered or insurance is collected.
The American Medical Association, however, has been trying to persuade the FTC that physicians are not creditors and shouldn’t have to comply with the red flag rules.
Originally, the rule was set to go into effect on Nov. 1, 2008, but enforcement was delayed until May 1, 2009. The FTC has now delayed enforcement once again until Aug. 1, 2009.
The FTC said the program should help a creditor identify relevant "red flags" (i.e., patterns, practices and specific activities that signal possible identity theft) and incorporate those red flags into the policy.
In addition, according to the FTC, the creditor should detect red flags that have been incorporated into the program and respond appropriately to detected red flags and prevent and mitigate identity theft ensure that the program is updated periodically to reflect changes in risks.
Click HERE to read a sample policy for the red flag rule.
