Liles Parker PLLC
(202) 298-8750 (800) 475-1906
Washington, DC | Houston, TX
San Antonio, TX | Baton Rouge, LA

We Defend Healthcare Providers Nationwide in Audits & Investigations

Healthcare Providers Aren’t Covered Under the Red Flag Rules

Red Flag Rules(December 12, 2010):  Under the “Fair and Accurate Credit Transaction Act of 2003,” the Federal Trade Commission (FTC) was required to establish regulations mandating that “creditors” and “financial institutions” develop and implement Identity Theft Prevention Programs.  These programs were aimed at identifying, detecting and responding and, ultimately, preventing identify theft from occurring in connection with “covered accounts” maintained or handled by creditors and financial institutions.  The patterns, practices and / or specific activities which could indicate that identify theft was occurring was referred to by the FTC as “Red Flags.”  The program was therefore commonly known as the “Red Flags Rule.”  Since enacted, the legislation has been widely criticized by health care providers and their professional associations, lawyers, accountants and other professionals who argued that the definition of “creditor” was overly broad and was never intended to cover their work / organizations.  After facing both lawsuits and growing Congressional concerns, the FTC delayed enforcement of the rule so that Congress could consider limiting the scope of the rule.

Both the House and the Senate have recently passed the “Red Flag Program Clarification Act of 2010.”  President Obama is expected to sign the legislation before the end of the year.  As Senator Christopher Dodd commented after the bill was passed, this legislation:

“makes clear that lawyers, doctors, dentists, orthodontists, pharmacists, veterinarians, accountants, nurse practitioners, social workers, other types of healthcare providers and other service providers will no longer be classified as ‘creditors’ for the purposes of the Red Flags Rule just because they do not receive payment in full from their clients at the time they provide their services, when they don’t offer or maintain accounts that pose a reasonably forseeable risk of identity theft.”

While most health care providers will be thrilled to hear of these changes (few businesses, regardless of type, want to be covered by the Red Flags Rule), it is essential to recognize that identity theft is, in fact, a growing problem.  Therefore, the most prudent course would be for Compliance Officers to incorporate procedures into their Compliance Plan which will help prevent identity theft from taking place.  Moreover, should it occur, your practice should have procedures in place to help minimize any adverse impact from such an occurrence.

Liles Parker attorneys provide health law advice to health care providers around the country.  Our attorneys have extensive experience working with providers to establish effective Compliance Plans for a wide range of organizations.  Identify theft is yet another risk area to be considered when reviewing and / or revising your Compliance Plan.  Please feel to call us for a free consultation.  We can be reached at 1 (800) 475-1906.