Posts Tagged ‘FTC’

The Federal Trade Commission’s (FTC) compliance deadline for creditors and financial institutions to develop and implement an identity theft prevention program under the Red Flags Rule was delayed—yet again. The implementation date originally set for Nov. 1, 2008 has been delayed three times to 2009 dates: May 1, Aug. 1, and Nov. 1. At the request of Congress members, the latest implementation date now extends to June 1, 2010.

There has been question as to how the Red Flags Rule applies to health care providers. According to the FTC’s Fighting Fraud with the Red Flags Rule: A How-To Guide for Business, page 9-10, “The definition of ‘creditor’ is broad and includes businesses or organizations that regularly defer payment for goods or services or provide goods or services and bill customers later. Utility companies, health care providers, and telecommunications companies are among the entities that may fall within this definition, depending on how and when they collect payment for their services.”

To help determine if you should comply under the Red Flags Rule, the FTC offers resources on their Web site. The FTC’s resources also include an FTC compliance template and information on how to design and implement an identity theft prevention program. The American Medical Association (AMA) also has prepared a sample policy template for providers.

For excellent coverage on the Red Flags Rule, read pages 18-19 in the February 2009 issue of Coding Edge.

Just days away from the Aug. 1 implementation deadline, the Federal Trade Commission (FTC) announced July 29 it will further delay enforcement of the Identify Theft Red Flags Rule. Creditors and financial institutions now have until Nov.1 to develop and implement a written Identity Theft Prevention Program.

Read more »

The Federal Trade Commission (FTC) announced Thursday, April 30, it is postponing implementation of its Red Flags Rule “to give creditors and financial institutions more time to develop and implement written identity theft prevention programs.” The FTC also announced that it is developing templates for smaller businesses that “know their customers,” such as providers.

See the official announcement on the FTC Web site, and watch EdgeBlast and Coding Edge for more information.

CVS, the nation’s largest retail pharmacy chain, will pay the U.S. government a $2.25 million settlement and take corrective action to ensure it does not violate privacy when disposing of patient information, such as identifying information on pill bottle labels.

The settlement, which applies to all of CVS’ more than 6,000 retail pharmacies, follows an extensive investigation by the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) for potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule.

Read more »

The new Red Flags Rules go into effect May 1. These rules, enforced by the Federal Trade Commission (FTC), are meant to combat consumer identity theft, and apply to any business qualifying as a creditor or financial institution under the law.

Many doctor’s offices, hospitals, and other health care providers qualify as creditors according to the FTC and will be required to spot and heed the red flags that are often telltale signs of identity theft. To comply with the new Red Flags Rules, your practice may need to develop a written red flags program to prevent, detect, and minimize the damage from identity theft.

Read more »

The Federal Trade Commission (FTC) will suspend enforcement of the new Red Flags Rule until May 1, 2009. This gives financial institutions and creditors (as well as medical practices) additional time to implement written identity theft prevention programs. The Enforcement Policy Statement release does not affect other federal agencies’ enforcement of the original Nov. 1 deadline for institutions subject to compliance. Read more »