UMA - Utah Medical Association

 

 

.

Members Only

Renew Membership

JOIN UMA

Member Directory

Officers/Staff

Committees

Events/Calendar

Payment to UMA

 

 

Red Flags Rule -- No Longer Applies to Most Physicians

UPDATED - December 14, 2010

After the FTC postponed enforcement of the Red Flags Rule seven times, Congress finally acted last week to exclude almost all physicians from its requirements. Pending President Obama’s expected signature, physicians and other health care providers that only extend credit “for expenses incidental to a service” they provide to a patient will not have to worry about the rule.

The rule will still apply to those that “regularly and in the ordinary course of business” “obtain or use consumer reports” or “furnish information to consumer reporting agencies” “in connection with a credit transaction.” The FTC will also be able to write rules to include other creditors that the FTC decides “offer or maintain accounts that are subject to a reasonably foreseeable risk of identity theft.” But it cannot extend to physicians who just bill patients and their insurance companies after the appointment.

Physicians should of course still be wary of circumstances that might indicate a patient is trying to use someone else’s health insurance or identity. But most won’t have to answer to the federal government for it.

The bill was passed by the Senate on November 30, 2010, by unanimous consent. The House agreed to it by a voice vote on December 7. It was presented to the President for his signature on December 8.

Text of S. 3987, the “Red Flag Program Clarification Act of 2010” (as passed by Congress) can be found here: http://www.gpo.gov/fdsys/pkg/BILLS-111s3987enr/pdf/BILLS-111s3987enr.pdf

AMA’s statement, “Congress clarifies red flags rule; AMA instrumental in outcome”: http://www.ama-assn.org/ama/pub/amawire/2010-december-08-general_news1.shtml

FTC’s statement on Congress’s passage of the Red Flags clarification law: http://www.ftc.gov/opa/2010/12/redflags.shtm
 

December 8, 2010

In a voice vote yesterday, the U.S. House of Representatives passed Senate legislation exempting physicians from identity theft regulations called "Red Flag Rules" that organized medicine has criticized as an unnecessary administrative burden.

The legislation, which awaits the signature of President Barack Obama, averts enforcement of the regulations in medical practices that would have taken effect January 1.

The Red Flag Rules implement portions of the Fair and Accurate Credit Transactions Act enacted in 2003. Under these rules, financial institutions and credit-extending businesses such as retailers and car dealerships must draft formal plans on how they will look out for warning signs, or red flags, of identity theft and then deal with any cases they discover.

The American Medical Association and the American Osteopathic Association sued the Federal Trade Commission earlier this year to spare their members from the regulations. According to their lawsuit, physicians are already addressing identity theft concerns under the Health Insurance Portability and Accountability Act. Besides creating needless administrative chores, the Red Flag Rules would interfere with the physician–patient relationship by forcing physicians to take a distrustful approach to new patients and their identity.

The medical associations also contended that physicians should not be viewed as creditors in the same vein as car dealerships simply because they allow patients to pay their bills after the time of service. The legislation approved by the House and Senate reflects this understanding of the term "creditor" and rewrites the Red Flag Rules to exclude any business that "advances funds on behalf of a person for expenses incidental to a service provided by the creditor to that person."

"We hope that the [Federal Trade Commission] will now withdraw its assertion that the red flags rule applies to physicians," American Medical Association President Cecil Wilson, MD, said in a press release issued today. For its part, the American Osteopathic Association stated that "this clarification of the definition of 'creditors' puts an end to the regulatory and legal wrangling that has plagued this important consumer protection since 2008."

SOURCE:  MedScape Medical News

 

Older outdated information -- May 28, 2010

The following is an announcement from the FTC regarding the Red Flags Rule:

At the request of several Members of Congress, the Federal Trade Commission is further delaying enforcement of the “Red Flags” Rule through December 31, 2010, while Congress considers legislation that would affect the scope of entities covered by the Rule.

 

In the interim, FTC staff has continued to provide guidance, both through materials posted on the FTC website, and in speeches and participation in seminars, conferences and other training events to numerous groups. The FTC also published a compliance guide for business, and created a template that enables low risk entities to create an identity theft program with an easy-to-use online form. The FTC staff also has published numerous general and industry-specific articles, released a video explaining the Rule, and continues to respond to inquiries from the public. To assist further with compliance, FTC staff has worked with a number of trade associations that have chosen to develop model policies or specialized guidance for their members. 

It is unknown if the AMA's recently announced lawsuit against the FTC over the inclusion of physicians in the scope of the rule had any part in the new delay, but the FTC's announcement comes as a welcome relief to those physician offices which were unprepared to comply with the Red Flags requirements. UMA continues to encourage physicians to develop and incorporate plans to prevent and respond to identity theft in the medical office.

 

December  31, 2010 is the current deadline set by the Federal Trade Commission for enforcement of its Red Flags Rule targeting “creditors,” which may include physicians. According to the FTC, any physician that routinely sees patients without getting up-front payment in full (including billing insurance), must comply with this rule.

 

In response to indications that the rule will apply to physician practices, the AMA successfully persuaded the FTC to delay implementation of the rule until now. Organized medicine is continuing efforts to persuade the FTC that physicians are not "creditors," and therefore not subject to the Red Flags Rule, but so far, the FTC has not budged.

 

In the mean time, you need to determine whether the rule applies to you and what you need to do about it. What’s needed to comply with the rule depends on the size and nature of your practice. In general, “creditors” will need to develop and implement written identity theft prevention and detection programs to protect patients and the office from identity theft.

Here are a couple of new resources to assist you:

"What you need to know about the Red Flags Rule"

Sample practice policy

 Medical Identity Theft is a growing problem that this rule is attempting to address.

Previous Information:

When it announced the previous postponement, the Federal Trade Commission (FTC) said, “To assist small businesses and other entities, the Federal Trade Commission staff will redouble its efforts to educate them about compliance with the ‘Red Flags’ Rule and ease compliance by providing additional resources and guidance to clarify whether businesses are covered by the Rule and what they must do to comply.”  Previously the FTC postponed the deadline for requiring businesses to develop and implement identity theft prevention programs to May 1, 2009, then to August 1, 2009, and again to November 1, 2009.  Although the AMA and other physician organizations have argued that the "Red Flags Rule" should not apply to physician offices, the FTC continues to assert that physician offices are "creditors" and must comply with the regulations.

If your practice has not begun to develop your identity theft prevention program, hesitate no longer.  Begin today to create a written program with policies and procedures for identifying, detecting, and responding to medical identity theft for patient billing accounts and medical records, and re-evaluate the program at least annually.

The Red Flags Rule applies to all "creditors" with "covered accounts."  The definition of creditor includes businesses or organizations that regularly defer payment for goods or services, or regularly provide goods or services and bill customers later. Accepting credit cards as a form of payment does not, by itself, make an entity a creditor. Covered accounts include any kind of account you offer your patients that involves or is designed to permit multiple payments or transactions, or for which there is a reasonably foreseeable risk to patients or to the practice from identity theft.  Nearly all medical practices fall into these broad definitions.

For additional information about the background and reasoning for the Red Flags Rule, visit the FTC’s Red Flags Web site, www.ftc.gov/redflagsrule.  This site has a 4-step guide for low-risk businesses to create their own program.  This guide refers to the FTC’s 17-page Red Flags Rule How-To Guide for Businesses is available at www.ftc.gov/bcp/edu/pubs/business/idtheft/bus23.shtm

For a copy of the complete Red Flags Rule, click here. (Bureaucratic Excess Warning: 256 pages long)

An excellent, and mercifully brief Fact Sheet on compliance with the Red Flags Rule has been developed by the American Academy of Dermatology.  (Note: this sheet does not have the updated deadline dates.)

The law firm of Kern Augustine Conroy & Schoppmann, P.C. has created an Identity Theft Prevention Program Template from which a practice might begin to develop their own written compliance document.

The American Medical Association has also developed extensive physician helps on this issue which are available on the AMA Members Website.

If you have additional questions, feel free to contact UMA General Counsel Mark Brinton, JD, at the UMA office or by emailing legal@utahmed.org

Back to UMA Home Page

Copyright © 2011 Utah Medical Association