Under FACTA, the term “creditor” is defined as any entity that regularly extends, renews or continues credit; regularly arranges for the extension, renewal or continuation of credit or any assignee of an original creditor. Bottom line – “Any person providing service or product for which the consumer pays after delivery is a creditor.” The initial implementation date for this ruling was November 2008. Due to pressure from the AMA and other healthcare organizations the FTC has agreed to a suspension of enforcement until May 1, 2009. The FTC has not changed its position on the broad reach of the rule “Creditors are defined to include any service provider (such as a physician practice) that does not get paid at time of service.” Also, a “covered account” is any patient account that involves information that is vulnerable to identity theft such as social security numbers.
The suspension of the enforcement until May 1, 2009, is given to allow “additional time in which to develop and implement written identity theft programs.”
Some of the basic elements required for your Identity Theft Program include:
- Identify relevant “Red Flags” (ex. Presentation of suspicious personal identifiers; the presentation of suspicious documents; alerts, notifications and other warnings from the consumer, etc.)
- Detect “Red Flags” when they occur (verify the validity of a change of address request; obtain identifying information and verify the identity of a new patient, etc.)
- Respond Appropriately to a “Red Flag”
- Ensure you update your program periodically
- Updating the Program. Practices may be required to prepare written reports at least annually on the effectiveness of the program.
Review the FTC press release here.
If you would like updates on this issue, please send me (Toni) an email and I will add you to my Red Flag email list.
(Information source: HBMA Action gram and FTC Press release.)
|
