Monday, October 26, 2009

Red Flags rule update

The House unanimously passed a bill last week that would exempt small practices from the FTC’s new Red Flags identity theft rule, which goes into effect Nov. 1, HealthLeaders Media reports.
Read more
Practices (and other entities) with 20 or fewer employees would not be covered under the requirement, which requires entities considered creditors — pretty much most medical practices — to develop policies for preventing, identifying and responding to identity theft.

Now the bill moves to the Senate.

The bill also exempts an entity that knows all of its customers individually, only performs services in or around the customers’ homes, or has not experienced incidents of identity theft and identity theft is rare for businesses of that type. It’s up to the FTC to determine what entity meets that requirement.

Considering that enforcement of the rule has been pushed back a few times, most recently from Aug. 1 to Nov. 1, and the deadline is just days away, chances are your practice has already developed a Red Flags policy. A show of hands in an audience during the MGMA annual conference earlier this month revealed a vast majority of practices there already had plans in place.

Surely that isn’t a wasted effort, as protecting patients from identity theft is good business. But perhaps the smaller practices may be able to breathe a little easier (particularly those still scrambling to get a policy in place) if the exemption passes.

No comments:

Post a Comment