Pursuant to new regulations issued by the Federal Trade Commission (the “Red Flag Rules”), "financial institutions" and "creditors" are required to develop and implement written identity theft prevention programs, as part of the Fair and Accurate Credit Transactions (FACT) Act of 2003. Hospitals that accept deferred payments for medical services will fall within the definition of "creditor" under the FTC's new Red Flag Rules and must develop and implement written identity theft prevention programs by November 1, 2008 to comply with these regulations. More information about the FTC Red Flag Rules is available on our Red Flag Rules Resource Page.

The Ohio Hospital Association and Bricker & Eckler have also developed a Red Flag Rules Hospital Compliance Guide, available for subscription, which offers assistance to hospitals with these rules.