Update
Federal Trade Commission regulations issued in 2007, known as the "Red Flags Rule" (“Rule”), required that certain entities develop and implement written identity theft prevention and detection programs to protect consumers from identity theft. However, the Rule did not specifically state whether physician practices were subject to the Rule requirements. It remained uncertain if physicians, lawyers, dentists and other professionals should be classified as "creditors" for the purposes of compliance with the Rule just because they do not receive payment in full at the time that they provide their services.
Clarification came in December 2010 with passage of "Red Flag Program Clarification Act of 2010”, which limits the type of "creditor" that must comply with the Rule.
Not billing or receiving payment in full at the time a physician provides services will not result in the physician being considered a creditor under the Rule.*
In light of the new law, the Rule will not apply to most physician practices.
For physicians who are otherwise not exempted, First Professionals has developed a packet of materials to help clarify the Rule pertaining to patient identity theft protection standards. The packet contains an overview of the new Rule, risk management guidelines, and website references. It also contains several forms and templates to assist with compliance measures.
For additional information regarding the Rule or the Red Flag Program Clarification Act of 2010 go to:
http://www.ftc.gov/bcp/edu/microsites/redflagsrule/index.shtml
http://www.ftc.gov/bcp/edu/pubs/articles/art11.shtm
http://www.gpo.gov/fdsys/pkg/BILLS-111s3987enr/pdf/BILLS-111s3987enr.pdf
www.ama-assn.org
*The law indicates that creditors that fall under the Rule are only those who regularly and in the ordinary course of business: (1) obtain or use consumer reports, directly or indirectly, in connection with a credit transaction; (2) furnish information to certain consumer reporting agencies in connection with a credit transaction; or (3) advance funds to or on behalf of a person, based on the person's obligation to repay the funds or on repayment from specific property pledged by them or on their behalf (this does not include creditors who advance funds on behalf of a person for expenses incidental to a service provided by the creditor to that person). Creditors that fall under one of the above-mentioned categories must comply with the Rule.
Red Flags Rule Compliance Measures
Sample Forms:
Frequently Asked Questions
This packet, along with any other additional material you obtain, will be a vital resource in implementing protection against patient identity theft and compliance with the Rule.
If you have any questions about this material or require additional copies, contact our Risk Management Department at (800) 741-3742, ext. 3016 or send an e-mail to rm@fpic.com.
NOTE: FPIC provides Red Flags Rule guidance as a benefit to its policyholders for educational and informational purposes only. Any representations or written reports rendered in conjunction with this benefit should not be considered a certification of Red Flags Rule compliance nor should it be interpreted as offering legal, financial, or other professional services. Policyholders that are developing policies and procedures to comply with the Red Flags Rule should seek legal and/or professional assistance to be sure that an appropriate compliance plan is implemented for their particular practice.