The Federal Trade Commission issued a 17-page how-to guide to help organizations comply with new privacy measures required under what it calls the red flags rule. The ruleset to be enforced beginning May 1 after a six-month reprieveis directed at creditors and financial institutions. Last year hospitals and physicians were surprised when it became clear it would apply to them. The rule, which stems from the Fair and Accurate Credit Transactions Act of 2003, requires covered entities to have written policies that specify indicators, or red flags, of identity theft and procedures to detect and respond to them. The FTC interprets the law to apply to any organization that allows deferred payment for services, including hospitals that establish payment plans for patients unable to pay their bills or physician practices and hospitals that collect billing information and copayments and then bill patients later for the balance they owe.
Late News: FTC issues guide on privacy measures under red flags rule
Send us a letter