Red Flags Rule

Effective November 1, many physicians will be required under federal law to assist the government in detecting, preventing and mitigating "red flags" of identity theft. The Federal Trade Commission (FTC) implemented the so-called Red Flags Rule, which will impose certain duties on financial institutions and "creditors with the goal of curtailing the growing issue of consumer identity theft.

The AMA, with the support of the SDSMA, is continuing its efforts to persuade the FTC that physicians are not “creditors,” and therefore should not be subject to the Red Flags Rule. In the interim, the AMA has prepared a guidance document, along with sample policies, so that members can incorporate a simple identity theft prevention and detection program into their existing compliance and HIPAA security and privacy policies.

• FTC Announcement of November 1 Delay
• Red Flags Rule Resources

Other Sources of Information:

• Background Information
• Enforcement Policy
• The Red Flags Rule: What providers need to know about complying with the new requirements for fighting identity theft.