Red Flags Rule
As a part of the Fair Credit Reporting Act of 2003, the Federal Trade Commission (FTC) and other regulatory agencies issued joint regulations regarding the detection, prevention, and mitigation of identity theft. The joint regulations, commonly referred to as the Red Flag Rules, broadly apply to financial institutions and creditors.
After many delays over the course of several years, Congress passed a bill to clarify the types of “creditors” that must comply with the rules. The Red Flag Program Clarification Act that was passed on Dec. 18, 2010 eliminates physicians from the definition of a creditor and from mandatory compliance with the rules. Even though it is not obligatory, it is still suggested that your practice implement a written medical identity theft program to protect your practice and your patients.
Resources
AMA Red Flags Rule resources (ama-assn.org)
American Hospital Association Red Flags Rule resources (aha.org)
Information compromise and the risk of identity theft: Guidance for your business (business.ftc.gov)