Providers no longer have to worry about complying with Red Flags Rule
December 08, 2010
The Federal Trade Commission (FTC) has adopted regulations to address the detection, prevention, and mitigation of identity theft. In particular, new regulations were adopted to require “creditors” with “covered accounts” to adopt and implement a system of identifying and reacting to signs of identity theft: the Red Flags Rule.
Although the original date for compliance was November 1, 2008, opposition by healthcare professional advocacy groups and Congress have delayed the implementation of this rule seven times. The AMA and other organizations have sued to be exempt from the rules— mostly because providers already address the requirements of the Red Flags Rule by complying with HIPAA.
In December 2010, the House passed legislation redefining who a “creditor” is, which basi- cally exempts providers from the FTC rules. The legislation, which awaits the signature of President Obama, averts enforcement of the regulations in practices that would have taken effect January 1, 2011. Fortunately, it looks like we have one less level of bureaucracy we will have to deal with.