Health Information Management

FTC suspends enforcement of red flags medical identity theft rule

HIM-HIPAA Insider, October 27, 2008

The Federal Trade Commission (FTC) has extended the red flags medical identity theft rule compliance deadline for creditors and financial institutions from November 1, 2008 to May 1, 2009, according to an October 22 announcement.
Financial institutions and creditors must have programs in place to identify, detect, and respond to patterns, practices, or specific activities that could indicate identity theft per the red flags rule, according to the FTC announcement.
The rule defines creditors as “any entity that regularly extends, renews, or continues credit; any entity that regularly arranges for the extension, renewal, or continuation of credit.” There was confusion over whether the rule, which is primarily geared toward financial institutions and other lenders, also applied to healthcare providers. Although the rule doesn’t specifically reference them, it does imply that healthcare providers may fit the legislation’s extremely broad definition of "creditor" because many permit a deferred payment of certain ongoing accounts. Essentially, providers become "creditors" when they establish payment plan.
Some entities reported being unaware they were required to comply with the rule until it was too late to be in compliance by November 1, according to the announcement. The delayed enforcement will provide additional time to implement the prescribed programs.
For more information, click here.


0 comments on “FTC suspends enforcement of red flags medical identity theft rule


Most Popular