Red Flag Rules deadline approaches

22 October 2009

The Federal Trade Commission (FTC) will begin enforcing regulations regarding the detection, prevention, and mitigation of identity theft on November 1, 2009. Although the regulations are already in effect, the FTC has issued a statement that delays enforcement until this date for health care providers.  This marks the third delay in the enforcement deadline.  Banks, financial institutions, and debit and credit card companies are most affected by the Rules, but some of the obligations apply to other entities that are considered creditors, including many health care providers, non-profit organizations, and even government entities.  Essentially, by establishing an account that permits a patient to make multiple payments, a health care provider is considered a “creditor” maintaining “covered accounts,” and thus subject to certain provisions of the Red Flag Rules.  Such health care providers are required to implement a written identity theft program.

For more information, please visit www.msv.org/redflagrules .