• Revenue Cycle Management
  • COVID-19
  • Reimbursement
  • Diabetes Awareness Month
  • Risk Management
  • Patient Retention
  • Staffing
  • Medical Economics® 100th Anniversary
  • Coding and documentation
  • Business of Endocrinology
  • Telehealth
  • Physicians Financial News
  • Cybersecurity
  • Cardiovascular Clinical Consult
  • Locum Tenens, brought to you by LocumLife®
  • Weight Management
  • Business of Women's Health
  • Practice Efficiency
  • Finance and Wealth
  • EHRs
  • Remote Patient Monitoring
  • Sponsored Webinars
  • Medical Technology
  • Billing and collections
  • Acute Pain Management
  • Exclusive Content
  • Value-based Care
  • Business of Pediatrics
  • Concierge Medicine 2.0 by Castle Connolly Private Health Partners
  • Practice Growth
  • Concierge Medicine
  • Business of Cardiology
  • Implementing the Topcon Ocular Telehealth Platform
  • Malpractice
  • Influenza
  • Sexual Health
  • Chronic Conditions
  • Technology
  • Legal and Policy
  • Money
  • Opinion
  • Vaccines
  • Practice Management
  • Patient Relations
  • Careers

Q&A: Fighting identity theft

Article

Do the FTC's "red flags" rules apply to physician practices?

Q: Federal regulations are requiring creditors to have in place an identity theft prevention program by May 1, 2009, under the Federal Trade Commission's "Red Flags Rules." Since physician offices often extend credit through payment plans to patients who cannot afford to pay their bills in one lump sum, are they considered creditors under this regulation? Is compliance with the Health Insurance Portability and Accountability Act sufficient to cover this?

A: Because doctors' offices allow patients to defer payments, they are considered creditors and are subject to this rule. The final rules require each financial institution or creditor that holds a consumer account (or other account for which there is a foreseeable risk of identity theft) to develop and implement a written prevention program for combating identity theft. The program must include reasonable policies and procedures for detecting, preventing, and mitigating identity theft. Additionally, the program must enable a financial institution or creditor to identify relevant patterns, practices, and specific forms of activity that are "red flags" signaling possible identity theft and incorporate those red flags into the program, respond appropriately to any red flags that are detected, and ensure the program is updated periodically to reflect changes in risks from identity theft. This does not fall under HIPAA regulations, but you may be able to leverage some HIPAA-related procedures you already have in place.

Related Videos