The Federal Trade Commission (FTC) issued sweeping regulations in 2007 aimed at preventing identity theft. Two provisions of these rules, known as the “Red Flag Rules,” can apply to health care entities. The first provision, requiring address checks for anyone who uses “consumer reports” for employment, insurance or credit purposes, became effective November 1, 2008. A second major component of the Red Flag Rules requires any business that is a “creditor or financial institution” to have written processes and procedures in place to detect, prevent, and mitigate identity theft in relation to accounts covered under the regulations. Enforcement of this provision has been delayed until May 1, 2009. Health care providers can be impacted by this provision if they do not require payment at the time services are provided, or if they are paid by an insurer after services are rendered. The FTC has issued a “How-To-Guide for Business” with information on how to determine if the Red Flag rule applies to your business; tips on compliance; and information on how to put in place a written identity theft prevention program.
Register Now As you are not an existing subscriber please register for your free daily legal newsfeed service.Register
If you have any questions about the service please contact email@example.com or call Lexology Customer Services on +44 20 7234 0606.
FTC identity fraud red flag guidance
If you are interested in submitting an article to Lexology, please contact Andrew Teague at firstname.lastname@example.org.
Director, Legal Services
Cisco Systems, Inc