mgma.com > Public Policy Home > Compliance > Red Flags Rule Resource Center

Red Flags Rule Resource Center

Are you ready to implement an identity theft prevention program in your practice by June 1, 2010?

The Federal Trade Commission (FTC) is delaying enforcement of the “Red Flags” Rule until June 1, 2010.  As part of the FTC's implementation of the Fair and Accurate Credit Transactions (FACT) Act of 2003, most medical providers would have needed to comply with the "Red Flags" rule November 1, 2009. The rule requires "creditors" – which the FTC defines to include most health care providers – to establish a program to prevent identity theft in their practices.

Free 30-minute Red Flags Rule Webinar 

• Learn the requirements of the Red Flags Rule, including definitions of key terms
• Review guidance from the FTC to help you comply
• Get a list of helpful resources from MGMA

Prep Your Practice for June 1, 2010

• Read the Red Flags Rule Summary  
  Get the background and the basic requirements of the rule, including guidance from the FTC in its appendix to the rule.
  
  
• The FTC's Web site is dedicated to Red Flags guidance. The FTC's Feb. 4, 2009 letter   also provides an indication of how the FTC sees the rule affecting healthcare providers. Have questions? Contact the FTC at redflags@ftc.gov.
  
  

  Fighting Fraud with the Red Flags Rule: A How-To Guide for Businesses

  Complying with the Red Flags Rule: A Do-It-Yourself Prevention Program for Businesses and Organizations at Low Risk for Identity Theft
  
  FAQs 
  

• Sample procedures in MGMA format 
  To get you started as you adapt various identity theft prevention procedures into MGMA format. This is not to be taken as a complete compliant program. As you develop your program, we recommend you consult the MGMA summary, the FTC’s Web site, Appendix A, and the AMA sample policy.
  Updated: Oct. 23, 2009  
  
  
• Red Flag Alert Resource Guide
  Buy a complete set of downloadable documents for your practice, including a detailed analysis, a sample board resolution approving the identity theft program, sample staff training slides and others. Published by the American Health Lawyer's Association. MGMA members get the AHLA's member price of $99.
  
  
• American Medical Association (AMA) identity theft prevention, detection and Red Flags Rule compliance    
  Sample policy available to MGMA members by the AMA
  
  
• What you need to know about the Red Flags Rule  
  The physician perspective on Red Flags, available to MGMA members by the AMA
  
  
• Complete text of the Red Flags Rule (including Appendix A) 
  
  
• Complete multi-agency Federal Register issuance on the Red Flags Rule, including commentary, text of the rule, and Appendices (59 pages) 

Red Flags Rule Advocacy 

MGMA is still concerned about how this rule applies to health care providers and objects to the FTC's late notification that providers are considered "creditors." As a result of the late notification, the health care community was not able to provide meaningful comments to the agency on the rule, which is normally the case in the rulemaking process. We will continue our advocacy efforts on this issue.

• Coalition letter to the FTC objecting to its interpretation of "creditors" 
  Feb. 23, 2009
  
  
• FTC's letter reasserting its position that health care providers are "creditors" 
  Feb. 4, 2009
  
  
• FTC notice of the Red Flag rules enforcement delay
  Oct. 22, 2008
  
  
• Coalition letter asking for clarification of the FTC Red Flags rules application 
  Sept. 24, 2008