Focus Rheums| ACR Convergence 2024 Previews

An official publication of the ACR and the ARP serving rheumatologists and rheumatology professionals

Identity Theft: Red Flag Rules Take Effect

  |  Issue: April 2009  |  

The Federal Trade Commission (FTC) has adopted a rule that requires creditors to institute programs to spot suspicious activity (commonly called “red flags”) that may signal identity theft, and the red flag rules take effect May 1, 2009. The FTC defines a creditor as any entity that regularly accepts deferred payment for goods and services.

According to the American Medical Association (AMA), several FTC attorneys have interpreted the term “creditor” to include physicians, if the physicians do not collect full payment at the time of services rendered and instead bill the patient at a later date. This includes situations where a physician bills a patient’s health insurance first, noting that the patient is ultimately responsible for any amount due.

ADVERTISEMENT
SCROLL TO CONTINUE

On February 4, the FTC responded to the AMA’s September 30 letter outlining why physician practices should not be considered “creditors” and asking that the FTC reconsider their interpretation of the term “creditors” in regard to physicians.

The FTC continues to assert that physicians who regularly bill their patients for services rendered are creditors and must develop and implement written identity theft–prevention programs for their practices by May 1, 2009.

ADVERTISEMENT
SCROLL TO CONTINUE

The AMA will continue to stress that physicians are not creditors and will continue to ask the FTC to comply with the “Administrative Procedure Act” by issuing another rule, which would allow for a period of public comment. The AMA also plans to produce an awareness campaign around identity theft in the healthcare industry.

The Final Rule (16 CFR 681.2(b)(5)) mentions lenders such as banks, finance companies, automobile dealers, mortgage brokers, utility companies, and telecommunication companies, but does not include physicians or healthcare providers.

In order to comply with the rules set forth by the FTC, physicians and health professionals should ensure that their identity theft programs are able to:

  • Identify patterns and practices that could signal red flags;
  • Respond appropriately when red flag events occur; and
  • Periodically review the program to reflect any changes in risk.

The complete federal guideline can be found at www.ftc.gov. For more information on this or any other government affairs issue, contact Aiken Hackett, director of government affairs, at [email protected].

Related Articles

    Keep ACR’s Advocacy Voice Strong with the American Medical Association

    As the result of years of coalition work with partners at the AMA, the ACR recently celebrated a major advocacy win when the FTC announced an investigation of PBM business practices. Join or renew your AMA membership before Sept. 1 so the ACR can keep delegate seats to drive action within the AMA.

    Practice Page: Protecting Your Practice through Compliance

    Compliance programs are an effort by the government to maintain integrity in the healthcare system. These programs target activities causing improper payment to determine their root cause: Was it a mistake or error, was it inefficiency or waste of resources, is the provider bending the rules or abusing the system, or was it intentional deception or fraud? There are also laws dictating the compliance culture within practices and institutions; for example, red-flag rules, antikickback statute, and stark law, to name a few.