• E-mail
• Print
• RSS

Don’t delay because of red flags rule delay

Patient Financial Services Weekly Advisor, May 8, 2009

The Federal Trade Commission (FTC) pushed back its compliance date Thursday on the "Red Flags Rule" from May 1 to August 1, giving healthcare facilities considered to be "creditors" three extra months to implement an identity theft prevention program.

But that does not mean healthcare entities should delay implementing a program–especially when they’re dealing with the FTC, an organization known for harsh punishment and corrective measures.

"Don't forget, this is a much different agency than [Office for Civil Rights] and CMS, the enforcement agencies for HIPAA, and if they do show up, the consequences will likely be severe," says Kate Borten, CISSP, CISM, president of The Marblehead Group in Marblehead, MA.

The Red Flags Rule aims to keep the FTC away. It forces any organization considered to be a "creditor" to implement programs to identify, detect, and respond to patterns, practices, or specific activities that could indicate identity theft.

That regulation falls under the Fair and Accurate Credit Transactions Act of 2003 (FACTA), which defines "creditors" as agencies that regularly extend or renew credit–or arranges for others to do so–and includes all entities that regularly permit deferred payments for goods or services.

Originally, the compliance date for Red Flags was November 1, 2008, but the FTC delayed it until May 1, and now August 1.
Major financial institutions like banks and non-state regulated credit unions did not get a break from the original November 1 compliance date.

Read the full story by HealthLeaders Media’s Dom Nicastro.

• E-mail to a Colleague
• Print
• RSS
• Archive