AMCNO Reminder – Red Flags Rule Implementation Deadline is June 1st

The Federal Trade Commission’s "Red Flags" rule requires entities that regularly extend credit or defer payment for services to implement a formal policy for detecting and preventing identity theft. Despite repeated objections from physician organizations, the FTC counts physician practices as creditors if they bill patients for past services or allow patients to set up payment plans. In November 2007, the Federal Trade Commission (FTC) issued a set of regulations, known as the "Red Flags Rule," requiring that certain entities develop and implement written identity theft prevention and detection programs to protect consumers from identity theft. There are still efforts underway to try to persuade the FTC that physicians are not "creditors," and therefore should not be subject to the Red Flags Rule. In the interim, the AMCNO has prepared a guidance document, along with sample policies, so that members can incorporate a simple identity theft prevention and detection program into their existing compliance and HIPAA security and privacy policies. Members may obtain copies of this document by contacting the AMCNO at 216-520-1000 ext. 101.