October 30, 2008
Healthcare Subject to FTC ID Theft Rules
Many Healthcare Organizations Are Unprepared for Nov. 1 Deadline
"Red Flag" Rules Marks Unusual FTC Foray into Healthcare
Many healthcare organizations are not aware that they will come under Federal Trade Commission (FTC) authority as a result of identity theft rules that were once thought to only apply financial institutions and other lenders.
The so-called “Red Flag” rules require any organization – including non-profits and government agencies not traditionally subject to FTC jurisdiction -- that does not require payment at the time it provides service to establish and maintain a program to spot and address possible ID theft.
This interpretation by the FTC has surprised healthcare organizations and many others, who thought that the regulations under the Fair and Accurate Credit Transactions Act -- a law aimed at financial institutions, credit reporting agencies and others who provide financing for products or services – did not apply to healthcare providers.
In recent weeks, the FTC has signaled that the law’s requirements now apply to anyone business or organization that that does not get paid in full in advance or at the time of a purchase or service.
That means most healthcare organizations as well as nonprofits and government agencies are subject to the requirements.
With a Nov. 1 deadline to have a compliance plan in place, healthcare organizations must take action now.
To assist healthcare organizations meet these new mandates, Melamedia, LLC, publishers of Health Information Privacy/Security Alert sponsored:
Healthcare Compliance with the FTC Red Flag Rules
Participants are briefed on:
- Why the Red Flag Rules apply to healthcare
- What the Red Flag rules require
- Under what circumstances healthcare organizations must comply with the rules
- Practical steps to take to comply with the Red Flag rules
- Areas of HIPAA compliance that may provide some compliance coverage
- The outlook for enforcement, and
- much more.
Who Should Listen
Third Party Administrators
Pharmacy Benefit Managers
Healthcare Attorneys and Consultants
Government Health Services Officials
Researchers Who Require Patient Payment for Any Service Provided in Clinical Trials
Robert Gellman, JD, a is privacy and information policy consultant in Washington, DC, and co-author of Red Flag and Address Discrepancy Requirements: Suggestions for Health Care Providers, produced by the World Privacy Forum. He served as a member of the National Committee on Vital and Health Statistics (NCVHS) from 1996-200. From 1977 to 1994, he served as a staff member and Chief Counsel of the House Government Operations’ Subcommittee on Information, where he was responsible for the panel’s information policy activities, hearings, oversight, legislation, and reports on general privacy matters, Freedom of Information Act, Privacy Act of 1974, health privacy, collection and dissemination of electronic data and security classification.
Gerald “Jud” DeLoss, JD, is vice chair of the American Health Lawyers Association’s Health Information & Technology Practice Group and a principal at Gray Plant Mooty, where his practice focuses on representing medical providers in Health Information Technology (HIT), HIPAA, medical staff credentialing, fraud and abuse, transactions, and regulatory compliance
Continuing Education Credits
- All seminar participants will receive a certificate of participation
- 1.5 IAPP Credits - Pending
The CD recording with all course materials are excellent educational and briefing resources: $275
Download the form at http://www.melamedia.com/10_30_order.CD.form.pdf and fax it to 703.619.4912