Banner

Article

Q&A: Fighting identity theft

Do the FTC's "red flags" rules apply to physician practices?

Q: Federal regulations are requiring creditors to have in place an identity theft prevention program by May 1, 2009, under the Federal Trade Commission's "Red Flags Rules." Since physician offices often extend credit through payment plans to patients who cannot afford to pay their bills in one lump sum, are they considered creditors under this regulation? Is compliance with the Health Insurance Portability and Accountability Act sufficient to cover this?

A: Because doctors' offices allow patients to defer payments, they are considered creditors and are subject to this rule. The final rules require each financial institution or creditor that holds a consumer account (or other account for which there is a foreseeable risk of identity theft) to develop and implement a written prevention program for combating identity theft. The program must include reasonable policies and procedures for detecting, preventing, and mitigating identity theft. Additionally, the program must enable a financial institution or creditor to identify relevant patterns, practices, and specific forms of activity that are "red flags" signaling possible identity theft and incorporate those red flags into the program, respond appropriately to any red flags that are detected, and ensure the program is updated periodically to reflect changes in risks from identity theft. This does not fall under HIPAA regulations, but you may be able to leverage some HIPAA-related procedures you already have in place.

Related Videos
The new standard for medical malpractice: A conversation with Daniel G. Aaron, M.D., J.D.
The new standard for medical malpractice: What to watch for
The new standard for medical malpractice: A step toward ending defensive medicine?
The new standard for medical malpractice: Can doctors be liable for doing what everyone else does?
The new standard for medical malpractice: What makes a clinical guideline legally defensible?
The new standard for medical malpractice: What it means for day-to-day practice
The new standard for medical malpractice: What changed?
The new standard for medical malpractice: Why the law just changed
ACP policy update 2025: A conversation with Brian E. Outland, PhD
ACP policy update 2025 interview