The effective date of the FTC’s Red Flag Rules has been extended several times, and at the last moment, was extended again! The new effective date is June 1, 2010. Will you be ready with an appropriate policy, trained staff and follow-up processes?
Your program must help you detect, prevent and mitigate identity theft by persons seeking services at your practice.The requirement to have a program applies to virtually all medical practices and other types of health care organizations, except for those very rare physicians or organizations that operate on a strictly cash, pay at the time of service, basis. Everyone who does not collect in full at the time of service is deemed to be extending credit, and is subject to the FTC’s Red Flag Rules requirements. Several organizations have issued model policies, including the AMA and the MGMA. Some of the principals these policies address include:
- Training staff to recognize the signs of possible identity theft;
- Incorporating controls that detect red flags indicating possible identity theft;
- Responding to any red flags that are detected; and
- Updating procedures periodically to reflect changes in risks from identity theft.
If you need assistance with developing or implementing a more complete Compliance Program, let us know.