Primary Areas of Practice
Attorney Profiles
Location
Contact Us
Home

Identity Theft: A New Layer of Regulations for Healthcare Providers
Knoxville Academy of Medicine Bulletin – November 2008
By Connie S. Ditto and Diana L. Gustin

Under the FTC’s Red Flag Rules, health care providers may soon be subject to a new layer of regulations typically targeted towards financial institutions.  The Red Flag Rules were developed as part of the Fair and Accurate Credit Transactions Act of 2003 (“FACT”).  Under FACT, financial institutions and “creditors” who maintain “covered accounts” must implement identity theft prevention programs.  The final rule developed by the FTC and other governmental financial agencies requires covered entities to develop and implement written policies and procedures to recognize and respond to identity theft red flags. The Red Flag Rules require creditors who maintain covered accounts to develop and administer a written identity theft prevention program to detect, prevent, and mitigate identity theft of new or existing covered accounts. 

The FTC has taken the position that the Red Flag Rules apply to health care providers because a “creditor” includes any person who regularly extends credit.  Further, a “covered account” includes any continuing relationship designed to cover multiple transactions or payments.  Consequently, any entity that does not demand payment concurrent with the service rendered is required to comply with the new rules by developing policies and procedures to mitigate identity theft.
 
In response to this interpretation, the American Medical Association requested that the Commission clarify its position and delay enforcement of the rule.  On October 22, 2008, the FTC agreed to delay enforcement of the Rule until May 1, 2009.  However, the FTC did not retract its position that health care providers must comply with the Red Flag Rules.  Instead, the Commission construes the delay of enforcement as an opportunity for entities to develop and implement their programs and for the Commission to provide additional education.  If the current view of medical providers as creditors becomes the standard for application of the Red Flag Rules, appropriate policy and procedures will need to be developed.

Disclaimer: The information contained herein is strictly informational; it is not to be construed as legal advice.
 
   

Untitled Document

Home | Primary Areas of Practice | Attorney Profiles | News | Articles | Location | Contact
All Rights Reserved. Copyright © 2008 London & Amburn, P.C. - Images Copyright Jon Gustin