The Federal Trade Commission recently released a frequently asked questions (FAQs) guide to medical identity theft for healthcare providers. The FAQs advise that if a provider learns that a patient may be a victim of medical identity theft, the provider should conduct an investigation, and if medical identity theft is found to have occurred, the provider should (1) notify everyone who accessed the patient's medical or billing records, (2) correct any erroneous information in the medical records, and (3) assure that the provider, if it files consumer credit reports, follows the accuracy requirements under the Fair Credit Reporting Act. In addition, providers should review their data security practices and report any security breaches as required under the Health Insurance Portability and Accountability Act (HIPAA), according to the FAQs. Finally, the FAQs provide that patients should be informed of their rights under HIPAA.