The FTC ruled that medical practices can be considered creditors, and are subject to the "Red Flags Rule," designed to prevent identity theft. This necessitates that many offices develop a written policy to comply with the rule by June 1, 2010*. PCC has written previously about the Red Flags Rule to help you understand the issue and how it affects your practice.
To help you comply, we have created a template policy (Download the Microsoft Word or Open Office Document) that you can adapt to your practice specific needs. Also see our article which provides a general outline of what should be included in your Identity Theft Program if you determine the Red Flags Rule applies to your practice.
Note: Your practice may need to develop a written Identity Theft Prevention Program to comply with the Federal Trade Commission's Red Flags Rule (16 C.F.R. §681.2). You should review the FTC’s Red Flags Rule and seek legal counsel to determine if it applies to your practice. PCC's template risk assessment and ID Theft Program is provided to assist you in complying with the Red Flags Rule. It is not offered as legal advice. You should seek legal counsel in performing your practice's risk assessment and in the adoption of your practice's Red Flags Rule ID Theft Program.
*Update: The FTC announced a series of delays where enforcement of the rule will not begin until June 1, 2010.