Lawsuit Pushes Red Flags Rule Back — Again
Amidst an AMA lawsuit, the FTC appears to take a wait-and-see approach.
After a year’s worth of extensions of the Red Flags Rule, medical practices were ready to buckle down and ensure that their plans were in place, because the rule was set to take effect on June 1.
However, just days shy of that deadline, the Federal Trade Commission (FTC) announced that it would be delaying enforcement until Dec. 31, 2010, “at the request of several Members of Congress,” according to a May 28 FTC news release.
Under the Red Flags Rule, “certain businesses and organizations — including many doctor’s offices, hospitals, and other health care providers — are required to spot and heed the red flags that often can be the telltale signs of identity theft,” according to an article on the Federal Trade Commission’s Web site.
To comply with the Red Flags Rule, covered entities are expected to create a written red flags program to prevent and detect potential identity theft cases.
According to the FTC, the rule applies to businesses that qualify as creditors or financial institutions, and the FTC’s broad definition indicates that it applies to many medical practices. “Health care providers are creditors if they bill consumers after their services are completed,” the FTC Web site says. “Health care providers that accept insurance are considered creditors if the consumer ultimately is responsible for the medical fees.”
However, simply “accepting credit cards as a form of payment does not make you a creditor under the rule.”
Congress requested the delay in part to “pass legislation that will resolve any questions as to which entities are covered by the Rule,” the FTC press release indicated. “Congress needs to fix the unintended consequences of the legislation establishing the Red Flags Rule — and to...