Corporate Compliance

Small healthcare entities may avoid Red Flags Rule

Compliance Monitor, October 21, 2009

Healthcare facilities that employ fewer than 20 people will be exempt from the Federal Trade Commission’s (FTC) Red Flags Rule according to a House of Representatives bill. On November 1, the Red Flags Rule will enforce all healthcare entities considered to be “creditors” to implement an identity theft program.
In addition to the “20 or fewer” a facility can also apply for exclusion if that facility:
  • Knows all of their patients individually
  • Only performs services in or around a patient's residence
  • Has never experienced identity theft in the past and identify theft is rare in that business type

Most Popular