- HIPAA Update - http://blogs.hcpro.com/hipaa -

Should feds remove small practices from Red Flags Rule compliance?

Eliminating small practices from complying with the FTC's identity theft prevention program regulation would lead to more identity violations, according to one authority on Red Flags Rule compliance.

Randy Berry, BA, CPA, financial leader and Red Flags Rule compliance expert with Columbus Healthcare & Safety Consultants in Columbus, OH, says it would be unfortunate if entities with 20 or fewer employees are let off the compliance hook.

In December 2009, the U.S. District Court issued a summary judgment in favor of the American Bar Association that said the Red Flags Rule does not apply to attorneys or law firms.

Piggybacking off that decision, a group that includes the American Dental Association, American Medical Association, American Osteopathic Association, and the American Veterinary Medical Association wrote a letter to the FTC urging it to remove them from compliance. Also, the House passed a bill last year that calls for removing entities with 20 or fewer employees from Red Flags Rule compliance.

The FTC's compliance date with Red Flags has been in effect for nearly a year and a half (November 1, 2008). The enforcement date, however, has been delayed four times. It is now June 1, 2010.

Read more on HealthLeaders Media [1].