Health Information Management

Small healthcare entities may be exempt from Red Flags Rule

HIM-HIPAA Insider, October 19, 2009

The House of Representatives filed a bill October 8 that would exempt “a healthcare practice with 20 or fewer employees” from the FTC’s Red Flags Rule requirement.


The Red Flags Rule, which will be enforced beginning November 1, requires healthcare entities considered to be “creditors” to implement an identity theft prevention program.


Further, the bill lets off the hook an entity that:


  • Knows all of its customers or clients individually
  • Only performs services in or around the residences of its customers
  • Has not experienced incidents of identity theft and identity theft is rare for businesses of that type


The FTC would determine if a business meets these criteria.


Congressman John Herbert Adler (D-NJ), Paul Collins Broun, Jr. (R-GA), and Mike Simpson (R-ID) filed the bill.


In case the Red Flags Rule has fallen off your radar, start compliance efforts here.

Most Popular