The deadline for the new identity theft "Red Flags Rule" was extended to June 1, 2010. Will you be ready?
In November 2007, the Federal Trade Commission (FTC) issued regulations, known as "Red Flags Rule". The purpose of the regulation is to protect consumers (patients) from identity theft.
FTC considers physicians who accept insurance or allow payment plans to be creditors and therefore subject to the Red Flags Rule.
Penalty for non-compliance is $2,500 per "known violation".What is a "red flag"?
A Red Flag is a pattern, practice, or specific account activity that indicates the possibility of identity theft. The FTC identifies the following as red flags:
How can you comply with the Red Flags Rule?
- Alerts, notifications or warnings from consumer reporting agency
- Suspicious documents and/or personal identifying information, such as an inconsistent address or nonexistent Social Security number
- Unusual use of, or suspicious activity relating to a patient account
- Notices of possible identity theft from patients, victims of identity theft or law enforcement authorities
The Red Flags Rule requires that physicians have "reasonable policies and procedures in place" to identify, detect and respond to identify theft "red flags".
We can help you to be compliant by providing you a customized policies and procedures for your practice. Please