Don’t let your compliance flag – Guidance on the Red Flags Rule
Abstract: The Federal Trade Commission requires many organizations — including some hospitals — to implement a written identity theft prevention program to, among other things, detect the “red flags” of identity theft in their day-to-day operations. Under the “Red Flags Rule,” covered hospitals must maintain a program that addresses both the secure collection and maintenance of patient data and the detection of warning signs that a crook is using someone else’s proprietary information. This article looks at what types of “covered accounts” can cause a hospital to be subject to the rule, along with what an identity theft prevention program should include. A sidebar discusses administration of such a program.