"White Flag" for Red Flags Rule
This probably shouldn't come as a surprise to most people, but the federal Red Flags Rule has been delayed yet again. As reported by Jim Kim of FierceComplianceIT: The Federal Trade Commission has once again delayed the enforcement of the Red Flags Rules, which would require financial and other "creditor" companies to implement anti-identity theft (identity theft news) policies as laid out by the Fair and Accurate Credit Transactions Act, which went into effect in January 2008. Companies now have until Dec. 21, 2010. The biggest reason behind the delay is extensive objection from the medical/ healthcare industry: Medical and osteopathic associations Friday, May 21, sued the FTC for covering them under the Red Flags Rule, which requires them to start verifying their patients' true identities before they agree to treat them. The lawsuit seeks to prevent the FTC from defining physicians as "creditors" whenever they do not require payment in full at the time they provide care, and later bill them, according to the brief filed by the American Medical Association and the American Osteopathic Association and the Medical Society of the District of Columbia, the District Court where the case was filed. "We do already have a number of rules and regulations to follow to protect patient privacy and information security, and these have recently been strengthened with ARRA and HITECH," says Chris Simons, RHIA, director of UM & HIMS and the privacy officer at Spring Harbor Hospital in Westbrook, Maine. "Requiring healthcare providers to follow the Red Flags Rule is just another regulatory hoop for us to jump through." I have to say, this is a really good point: Bonnie McLaughlin, a development analyst for Medical Information Technology, Inc. in Westwood, MA, says she is "horrified" by the attempt to exempt physician practices from the Red Flags Rule. "It is just as possible that someone can use my identity/insurance/financial information when presenting at a physician's office as it would be in a larger healthcare setting," McLaughlin says. McLaughlin says devising a Red Flags Rule policy "can be relatively simple." "If these providers would simply read through the ruling and understand exactly what is involved in meeting this requirement, they would have already been able to meet the criteria in the amount of time they have taken resisting being held accountable," she says.