The FTC has extended the effective date of the FTC’s Red Flag Rules several times in the past several months, but it looks like they will not be extended again. The last effective date was June 1, 2010. NOW it is set for December 31, 2010. Have your healthcare compliance consultants helped you get ready with an appropriate policy, trained staff and follow-up processes?
Your program must help you detect, prevent and mitigate identity theft by persons seeking services at your practice.The requirement to have a program applies to virtually all medical practices and other types of health care organizations, except for those very rare physicians or organizations that operate on a strictly cash, pay at the time of service, basis. Everyone who does not collect in full at the time of service is deemed to be extending credit, and is subject to the FTC’s Red Flag Rules requirements. Several organizations have issued model policies, including the AMA and the MGMA. Some of the principles these policies address include:
- Training staff to recognize the signs of possible identity theft;
- Incorporating controls that detect red flags indicating possible identity theft;
- Responding to any red flags that are detected; and
- Updating procedures periodically to reflect changes in risks from identity theft.