

Storm flags were selected to identify this page describing the FTC "Red Flags Rule", effective May 1, 2009. The rule is an extension of HIPAA, extending protection from a patient's health information to his financial data. Its purpose is to protect against identity theft.
Unfortunately, these rules add another level of burden to already overwhelmed physician offices. Requirements, as currently written, include verifying insurance cards, photo IDs (or utility bills), addresses, and telephone numbers, and background checks on employees. A fine of $2500 is the penalty for each "knowing violation."
A summary from an American College of Surgeons newsletter is reproduced here:
ACS NewsScope
A Weekly News Update from the American College of Surgeons
******************************************************************************
April 17, 2009
"RED FLAGS RULE" TAKES EFFECT MAY 1 DESPITE PHYSICIAN OPPOSITION
The Federal Trade Commission's (FTC's) "Red Flags Rule" becomes effective
May 1. Issued in November 2007, this regulation requires entities that
regularly extend, renew, or continue credit to establish a written program
for preventing identity theft. The protection system also must be capable
of detecting and responding to warning signs of identity theft. The FTC
has taken the unofficial position that hospitals and other health care
providers, including physicians, fall under the definition of "creditors"
if they issue invoices, receive payments in installments, or otherwise
defer payment for services.
The American College of Surgeons and other physician groups joined the
American Medical Association (AMA) in opposing the application of the rule
to physicians. These organizations have asserted that the FTC failed to
consider the additional legal and administrative burdens the rule would
impose on physicians when the Health Insurance Portability and
Accountability Act (HIPAA) already requires them to keep patient
information private and secure. Despite continued opposition of the
medical community, the implementation date remains May 1. Violations of
the regulation will result in a penalty of up to $2,500 per "knowing
violation." The AMA has prepared a guidance document, along with sample
policies, to assist physicians in bringing their existing HIPAA security
and privacy policies into compliance with the Red Flags Rule. The College
urges all of its members to review these documents at:
http://www.ama-assn.org/ama/no-index/physician-resources/red-flags-rule.shtml
The additional documents are replicated here:
Red Flags Rule - What you need to know
Red Flags Rule - Sample office policy
Patient affidavit to report identity theft
In addition, the FTC has provided Red Flag Rule guidance at www.ftc.gov/infosecurity.