The Federal Trade Commission (FTC) has adopted a rule that requires creditors to institute programs to spot suspicious activity (commonly called “red flags”) that may signal identity theft, and the red flag rules take effect May 1, 2009. The FTC defines a creditor as any entity that regularly accepts deferred payment for goods and services.
According to the American Medical Association (AMA), several FTC attorneys have interpreted the term “creditor” to include physicians, if the physicians do not collect full payment at the time of services rendered and instead bill the patient at a later date. This includes situations where a physician bills a patient’s health insurance first, noting that the patient is ultimately responsible for any amount due.
On February 4, the FTC responded to the AMA’s September 30 letter outlining why physician practices should not be considered “creditors” and asking that the FTC reconsider their interpretation of the term “creditors” in regard to physicians.
The FTC continues to assert that physicians who regularly bill their patients for services rendered are creditors and must develop and implement written identity theft–prevention programs for their practices by May 1, 2009.
The AMA will continue to stress that physicians are not creditors and will continue to ask the FTC to comply with the “Administrative Procedure Act” by issuing another rule, which would allow for a period of public comment. The AMA also plans to produce an awareness campaign around identity theft in the healthcare industry.
The Final Rule (16 CFR 681.2(b)(5)) mentions lenders such as banks, finance companies, automobile dealers, mortgage brokers, utility companies, and telecommunication companies, but does not include physicians or healthcare providers.
In order to comply with the rules set forth by the FTC, physicians and health professionals should ensure that their identity theft programs are able to:
- Identify patterns and practices that could signal red flags;
- Respond appropriately when red flag events occur; and
- Periodically review the program to reflect any changes in risk.
The complete federal guideline can be found at www.ftc.gov. For more information on this or any other government affairs issue, contact Aiken Hackett, director of government affairs, at [email protected].