Pursuant to regulations issued by the Federal Trade Commission (“FTC”), "financial institutions" and "creditors" are required to develop and implement written identity theft prevention programs, as part of the Fair and Accurate Credit Transactions (FACT) Act of 2003 (the “Red Flag Rules”). Hospitals that accept deferred payments for medical services will fall within the definition of "creditor" under the FTC's Red Flag Rules and must develop and implement written identity theft prevention programs to comply with these regulations.

If you have not developed your hospital's identity theft program in compliance with the Red Flag Rule, you should be aware that the compliance date is May 1, 2009. More information about the FTC Red Flag Rules is available on our Red Flag Rules Resource Page. The Ohio Hospital Association and Bricker & Eckler have also developed a Red Flag Rules Hospital Compliance Guide, available for subscription, which offers assistance to hospitals with these rules.