In late 2008, the Federal Trade Commission (FTC) issued a set of regulations, known collectively as the “Red Flags Rule,” requiring certain entities to develop and implement written identity theft prevention and detection programs to protect consumers from identity theft. After multiple extensions of the effective date, the Red Flags Rule is set to take effect on June 1. No additional extension is expected.
The FTC has stated that physician practices are “creditors” when they accept insurance and bill patients after services are provided or when they allow patients to set up payment plans after services have been provided; therefore, such physician practices must comply with the Rule.
Access the FTC’s website to learn more about the Red Flags Rule and ways to comply with the new requirements. The AMA also offers several resources to help practices comply with the regulations, including a sample policy and guidance documents.
