Don’t delay because of Red Flags Rule delay
The Federal Trade Commission (FTC) pushed back its compliance date Thursday on the “Red Flags Rule” from May 1 until August 1, giving healthcare facilities considered to be “creditors” three extra months to implement an identity theft prevention program.
But that does not mean healthcare entities should delay implementing a program–especially when you’re dealing with the FTC, an organization known for harsh punishment and corrective measures.
“Don’t forget, this is a much different agency than [Office for Civil Rights] and CMS, the enforcement agencies for HIPAA, and if they do show up, the consequences will likely be severe,” says Kate Borten, CISSP, CISM, president of The Marblehead Group in Marblehead, MA.
The Red Flags Rule aims to keep the FTC away. It forces any organization considered to be a “creditor” to implement programs to identify, detect, and respond to patterns, practices, or specific activities that could indicate identity theft.
Read my full piece on healthleadersmedia.com.
About the Author: Dom Nicastro is a senior managing editor for HCPro, Inc.’s revenue cycle division. He manages the Patient Access Resource Center and develops training, management, and compliance products for the company’s editorial team in the areas of:
• Revenue cycle
• HIPAA
• Corporate Compliance
• Materials Management
• Patient Access
• Patient Financial Services.
Dom is the former editor of the Gloucester Daily Times, where he led the paper to the New England News Association Newspaper of the Year in 2005 and a runner-up for the same award by the New England Press Association in 2007.