Mark the Red Flags Rule Date for June 1, 2010
The Federal Trade Commission’s (FTC) compliance deadline for creditors and financial institutions to develop and implement an identity theft prevention program under the Red Flags Rule was delayed—yet again. The implementation date originally set for Nov. 1, 2008 has been delayed three times to 2009 dates: May 1, Aug. 1, and Nov. 1. At the request of Congress members, the latest implementation date now extends to June 1, 2010.
There has been question as to how the Red Flags Rule applies to health care providers. According to the FTC’s Fighting Fraud with the Red Flags Rule: A How-To Guide for Business, page 9-10, “The definition of ‘creditor’ is broad and includes businesses or organizations that regularly defer payment for goods or services or provide goods or services and bill customers later. Utility companies, health care providers, and telecommunications companies are among the entities that may fall within this definition, depending on how and when they collect payment for their services.”
To help determine if you should comply under the Red Flags Rule, the FTC offers resources on their Web site. The FTC’s resources also include an FTC compliance template and information on how to design and implement an identity theft prevention program. The American Medical Association (AMA) also has prepared a sample policy template for providers.
For excellent coverage on the Red Flags Rule, read pages 18-19 in the February 2009 issue of Coding Edge.