Practice Management Alert

Question: I thought the Red Flags Rule was due to go into effect this month. I haven't heard anything more about how my practice should prepare, however. Are we behind the eight ball?

Oregon Subscriber

Answer: You're not behind, thanks to another implementation deadline delay from the Federal Trade Commission (FTC). You know have seven extra months to get your practice ready for Red Flags Rule scrutiny. The new deadline is June 1, 2010.

But don't get complacent. Take this delay as an opportunity to solidify your practice's red flag program. You should institute a red flags program in your practice, which you'll need to revisit at least annually and more often as needed.

Under the Red Flags Rule, "certain businesses and organizations -- including many doctor's offices, hospitals, and other health care providers -- are required to spot and heed the red flags that often can be the telltale signs of identity theft," according to an article on the FTC's Web site. "To comply with the new Red Flags Rule ... you may need to develop a written 'red flags program' to prevent, detect, and minimize the damage from identity theft."

According to the FTC, the rule applies to businesses that qualify as "creditors" or "financial institutions" -- and the rule probably does apply to your practice.

Here's why: "Health care providers are creditors if they bill consumers after their services are completed," the FTC Web site says. "Health care providers that accept insurance are considered creditors if the consumer ultimately is responsible for the medical fees."

For more on the Red Flags Rule extension, visit www.ftc.gov/opa/2009/10/redflags.shtm.