Resources

Description
Services
Attorney Directory
Publications
Representative Matters
 

Related Services

Nonprofit Organizations
Green Strategies
Employment
Government Relations
Litigation
Construction
Bonds
 
   Health Care

Introduction to the Red Flag Rules for Hospitals

Subscribe to the OHA/Bricker Red Flag Rules
Compliance Guide for Nonprofit Hospitals

Pursuant to regulations (the Red Flag Rules) issued by the Federal Trade Commission (FTC), "financial institutions" and "creditors" are required to develop and implement written identity theft prevention programs, as part of the Fair and Accurate Credit Transactions (FACT) Act of 2003. Hospitals that accept deferred payments for medical services will fall within the definition of "creditor" under the FTC's new Red Flag Rule and must develop and implement written identity theft prevention programs by November 1, 2008 to comply with these new regulations.

UPDATE: THE FTC HAS EXTENDED THE COMPLIANCE DATE UNTIL JUNE 1, 2010. Read more . . . .

The purpose of the written identity theft prevention program is to detect, prevent, and mitigate identity theft in connection with new or existing covered accounts. The program must be appropriate to the size and complexity of the creditor and the nature and scope of its activities.

Who must comply with the Red Flag Rules?

The Red Flag Rules apply to “financial institutions” and “creditors” with “covered accounts.” Under the rules, a creditor is any entity that regularly extends, renews, or continues credit; any entity that regularly arranges for the extension, renewal, or continuation of credit; or any assignee of an original creditor who is involved in the decision to extend, renew, or continue credit. A covered account is an account used mostly for personal, family, or household purposes, and that involves multiple payments or transactions. Thus, hospitals that accept deferred payments for medical services – whether they are for-profit, non-profit, or governmental entities – will likely fall within the definition of "creditor," requiring compliance with these rules.

Complying with the Red Flag Rules

Under the Red Flag Rules, financial institutions and creditors must develop a written program that identifies and detects the relevant warning signs – or “red flags” – of identity theft. The written program must include reasonable policies and procedures to:

  1. Identify relevant Red Flags for the covered accounts that the creditor offers or maintains and incorporate those Red Flags into its program;

  2. Detect Red Flags that have been incorporated into its program;

  3. Respond appropriately to any Red Flags that are detected;

  4. Update the program periodically to reflect changes in risks from identity theft to customers and to the safety and soundness of the creditor from identity theft.

Full text of the Federal Register rules

Frequently Asked Questions From the Federal Trade Commission on the Red Flag Rule

Federal Trade Commission's Red Flag Rule How-To Guide

FTC Publishes Red Flag Do-It-Yourself Template for Low-Risk Businesses

Read more about the OHA/Bricker Compliance Guide for Nonprofit Hospitals and find out how you can subscribe today.

If you are already a subscriber to the compliance guide, click here to login.

 

 

 
Compliance Guide

OHA and Bricker & Eckler Hospital Compliance Guide for Red Flags Rules

To help you develop a compliant identity theft prevention program for your hospital, Bricker & Eckler in collaboration with The Ohio Hospital Association have developed an on-line compliance guide that will provide essential information and best practices to comply with the Federal Trade Commission's Red Flag Rules and Address Discrepancy Notification.

Read more about the compliance guide

Already a subscriber?
Login here

 
Highlights

Stay current with our
HEALTH CARE E-ALERTS

Our Resource Centers have specialized information on a variety of health care topics
EMTALA
Ohio Trauma
Medicare Fraud & Abuse
HIPAA Privacy & Security
Provider-Based Regulations Medical Staff Series
CMS Resources
CMS' DFR Report

What's happening in the 127th Ohio General Assembly
Health Legislation

A collection of articles from Brickerconstruction.law.com Newsletter on hospital and health facilityconstruction
Hospital & Health Facility Construction Resource Center

Visit our affiliated quality management consulting company
QMCG
 

 

 

Copyright 2005-2008, Bricker & Eckler LLP, all rights reserved.  Please read our Privacy Notice.
The words Bricker & Eckler and its logo are registered trademarks of Bricker & Eckler LLP