The FTC and other financial regulatory agencies were directed by the Fair and Accurate Credit Transactions Act of 2003 (FACTA) to put forth rules requiring "creditors" and "financial institutions" with covered accounts to implement programs to identify and help prevent identity theft, including medical identity theft. FACTA's definition of "creditor" applies to any entity that regularly extends or renews credit - or arranges for others to do so - and includes all entities that regularly permit deferred payments for goods or services. This includes healthcare professionals such as audiologists and physicians who provide services and bill later.
Enforcement of the Red Flags Rule will begin on August 1, 2009, and violators are subject to financial penalties. By the deadline, audiologists must have in place a written program that identifies and detects the relevant warning signs - or "red flags" - of identity theft. According to the FTC, these may include, for example, unusual account activity, fraud alerts on a consumer report, or attempted use of suspicious account application documents. The program must also describe appropriate responses that would prevent and mitigate the crime and detail a plan to update the program. The program must be managed by the audiology practice's Board of Directors or senior employees, include appropriate staff training, and provide for oversight of any service providers.
The Red Flags Rule gives audiologists the flexibility to design an Identity Theft Prevention Program appropriate for the individual business, given its size and potential risk for identity theft. While some companies need a comprehensive Program, some audiology practices (for example, those in a small town that know most of their patients) may be at lower risk for identity theft and may need only a few simple provisions put into place.
The FTC has developed a Web site to assist with compliance: ftc.gov/redflagsrule including an article entitled The "Red Flags" Rule: What Health Care Providers Need to Know About Complying with New Requirements for Fighting Identity Theft" written by an FTC attorney. The Web site also includes a "Do It Yourself" program that may be appropriate for audiology practices at low risk for identity theft. While the FTC does not want the regulations to cause burdensome efforts on the part of providers, doing nothing is not an option.
Visit ftc.gov/redflagsrule today - the deadline is fast approaching.
The "Red Flags" Rule: What Audiologists Need to Know About Complying with New Requirements for Fighting Identity Theft
Share: