Identity Theft,

The Red Flags Rule

&

The AMA

As discussed previously on this site, FACTA legislation and Disposal Rule has been in place since 2003.  The additional Red Flag's Rule was added and began to be enforced in the fall of 2007.  The increase in publicity recognizing the prevalence of Identity Theft, the #1 white collar crime in America, has brought the importance of protecting your own identity as well as those you do business with.  Regardless of the industry your business follows, it is imperative that you provide protection to your clients, customers and in this case, your patients.

In defense of ALL businesses that state they are not aware of the definition of "creditors" made by the FTC, general information may have been advantageous for these companies to become aware of their necessity to abide by the rulings of the Red Flag's Rule. 

On the other hand, I will tell you that I and many, many others have been out in the business community speaking to many business owners which includes medical clinics and physicians, about FACTA, the Disposal Rule and the Red Flag's Rule over the past couple years.  The general consensus that we have encountered is the flat denial that THEIR business needs to abide by these rulings.  This denial as well as the lack of interest regarding these new guidelines has caused an extension of the deadline from November 1, 2008 to May 1, 2009 a mere few weeks away.  The last letter written by Betsy Broder of the FTC states that another extension is not being considered.  A copy of this letter dated 2/9/09 can be reviewed HERE; the letter also provides additional definitions and guidelines by the FTC.  The final ruling and definition of "creditor" as defined by the Equal Credit Opportunity Act is:

Last response from Betsy Broder of the FTC by Alexei Alexis.

            The ECOA defines "creditor" as "any person who regularly extends, renews or continues credit; any person who regularly arranges for the extension, renewal or continuation of credit; or any assignee of an original creditor who participates in the decision to extend, renew or continue credit."  "Credit", in turn, is defined by the ECOA as "the right granted by the creditor to a debtor to defer payment of a debt or to incur debts and to defer its payments or to purchase property or services and defer payment therefor."  The agencies concluded that the plain language of the statute covered all entities engaged in the provision of credit, as broadly defined by the ECOA, and does not permit industry-based exclusions.

The biggest argument at first was the AMA stating that physicians already have to comply with HIPAA legislation and that is adequate, therefore, physicians do not have to fulfill the requirements of the Red Flag's Rule.  The Red Flag's Rule addresses another area that needs to be protected, the personal identity of employees as well as clients, customers or patients.  Both Acts address privacy, although different types of privacy and different types of information.  Although many times in the medical community, this information may overlap, this does not exclude the fact that personal information is not routinely treated the same as medical information.