"Red Flags" Tools
Excerpts from the Washington Watch Weekly
H.R. 3763, Red Flags Legislation, Passes the House—Would Automatically Exempt Some Physician Practices (October 23, 2009)
On October 20, H.R. 3763, legislation introduced by Representative John Adler (D-NJ) that would automatically exempt health care, accounting, and legal practices that employee 20 or fewer employees from the Federal Trade Commission's (FTC) Red Flags Rule, which becomes effective on November 1, unanimously passed the House of Representatives. For those who are not automatically exempt, the bill would allow businesses to apply for an exemption, if the business "knows all of its customers or clients individually; only performs services in or around the residences of its customers; or has not experienced incidents of identity theft and identity theft is rare for businesses of that type." The bill will now be voted on by the Senate Committee on Banking, Housing and Urban Affairs. We will keep you updated.
Federal Trade Commission (FTC) Delays Red Flag Rule Enforcement Until November 1, 2009 (July 31, 2009)
On July 29, 2009, the FTC announced that it would delay enforcement of the Red Flag Rule until after November 1, 2009, to give creditors and financial institutions more time to review FTC guidance and develop written Identity Theft Prevention Programs. They indicated in their release that the FTC staff will redouble its efforts in assisting small businesses and other entities to educate them about compliance and ease compliance by providing additional resources and guidance. The rule was originally scheduled to take effect on August 1, 2009.
As we have been reporting, the FTC announced last summer that it would consider health care providers to be creditors. ASCRS was the first organization to alert the AMA and the medical community on this issue. Because of the concerns expressed by ASCRS and the medical community, the enforcement date, which was originally scheduled for November 1, 2008, has been delayed several times.
Click here to read the FTC announcement.
Red Flags Legislation Does Not Exempt All Physician Practices (June 12, 2009)
On May 12, 2009, a bill (HR 2345) was introduced that would “amend the Fair Credit Reporting Act to provide for an exclusion from Red Flag Guidelines for health care practices with 20 or fewer employees.” A number of medical societies, including ASCRS and the AMA, did not sign-on to a coalition letter drafted by the American Dental Association (ADA) in support of the legislation, because we believe HR 2345 does not go far enough to address some of the critical issues raised by the physician community about the Red Flags Rule. ASCRS continues to believe that all physician practices, regardless of the number of employees, should be exempt and that physicians should not be deemed “creditors.” We are concerned that if physicians are deemed “creditors,” there is a potential they would eventually be subject to additional regulations that impact true creditors. As you know, the Red Flags Rule has been delayed until August 1, 2009 as a result of the medical communities united efforts on this issue. ASCRS, along with others in the medical community, will continue to work with Congress and the Federal Trade Commission (FTC) to address the issue.
Federal Trade Commission (FTC) Delays Enforcement of "Red Flags" Rule Until August 1, 2009 (May 1, 2009)
The FTC announced late yesterday, April 30, 2009, that they have delayed the enforcement date of the Red Flags Rule, which requires creditors and financial institutions to develop identity theft prevention programs, until August 1, 2009. The rule was originally scheduled to take effect today, May 1, 2009. ASCRS/ASOA sent an alert to the membership as soon as the delay was announced.
As we have been reporting, the FTC announced last summer that it would consider health care providers to be creditors. ASCRS was the first organization to alert the AMA and the medical community on this issue. Due to the concerns expressed by ASCRS and the medical community, the enforcement date, which was originally scheduled for November 1, 2008, was extended until May 1, 2009.
Yesterday’s announcement stated that the delay is “to give creditors and financial institutions more time to develop and implement written identify-theft prevention programs.” The Commission also announced that it will soon release a template to help entities with a low risk of identity theft, comply with the law.
We will use this time to convince the FTC and the Congress that physicians are not “creditors” and, therefore, should not be subject to this rule. Click here to read the announcement.
ASCRS, AMA Responds to Federal Trade Commission (FTC) on "Red Flags" Rule (February 20, 2009)
Last week, we reported that the FTC officially responded to objections by the medical community that physicians who regularly bill their patients for services rendered are creditors. ASCRS first raised this issue after a number of ophthalmic practices were solicited by legal consultants interested in helping practices develop such programs to comply with the FTC's "Red Flags" rule. According to the letter, the FTC continues to interpret a physician's role in collecting payment for services, as well as collecting copayments and coinsurance, as that of a creditor and will require them to develop and implement identity-theft prevention programs by May 1, 2009.
The AMA and medical community continue to disagree and are sending a letter asking the FTC to issue another ruling and allow public comment. In addition, the AMA and medical community will consult with the Obama Administration on this important matter. A copy of the final letter to the FTC is available on the ASCRS web site. We will continue to keep you updated.
Federal Trade Commission (FTC) to Medical Community: Physicians Are Creditors (February 13, 2009)
This week, the FTC officially responded to objections by the medical community that physicians who regularly bill their patients for services rendered are creditors. ASCRS first raised this issue after a number of ophthalmic practices were solicited by legal consultants interested in helping practices develop such programs to comply with the FTC's "Red Flags" rule. According to the letter, the FTC continues to interpret a physician's role in collecting payment for services, as well as collecting copayments and coinsurance, as that of a creditor and will require them to develop and implement identity-theft prevention programs by May 1, 2009.
The AMA and medical community continue to disagree and will press the FTC to issue another ruling, allowing for public comment. In addition, the AMA and medical community will consult with the Obama Administration on this important matter. We will keep you updated.
ASCRS, AMA, and Other Medical Groups Meet with Federal Trade Commission (FTC) Staff Regarding “Red Flag Rules” (November 21, 2008)
This week, ASCRS participated in an AMA-hosted meeting with other medical specialties and FTC staff regarding the Red Flag Rules. ASCRS was first to raise this issue and seek assistance from the AMA as a result of inquiries about this topic from several of our members.
As reported previously, the FTC’s Red Flag Rules require financial institutions and "creditors" to develop and implement written identity-theft-prevention programs as part of the Fair and Accurate Credit Transactions Act of 2003 (FACTA). Implementation was originally slated for November 1, 2008; however, FTC delayed implementation until May 1, 2009, to allow additional time for creditors and financial institutions to develop and implement written identity-theft-prevention programs.
While the delay was much appreciated, the medical community continues to be concerned that physicians would be subject to complying with the Red Flag Rules. The crux of the issue is whether or not physicians are “creditors.” According to the final rule, a creditor is "any person who regularly extends, renews, or continues credit; any person who regularly arranges for the extension, renewal or continuation of credit; or any assignee of an original creditor who participates in the decision to extend, renew or continue credit.”
During the meeting, FTC staff explained that Congress, when drafting FACTA, adopted the definition of creditor from the Equal Credit Opportunity Act (ECOA). ECOA defines a creditor as anyone who defers payment for goods or services. The Federal Reserve is responsible for enforcing compliance with ECOA.
ASCRS, the AMA, and others have taken the position that most physicians are not "creditors" and, thus, not subject to the Red Flag Rules. The medical community continues to believe that, among its many cogent arguments, that physicians should not be considered creditors simply because they accept insurance and hold the patient responsible for any unpaid amount, as the patient’s indebtedness to the physician is not fixed or certain, and there is no extension of credit, while the claim is being processed by the insurance company.
FTC staff agreed to consider the concerns of the medical community and respond formally to the recent letter. The medical community continues to consider other options for resolving this issue. We will keep you updated.
Federal Trade Commission (FTC) “Red Flags Rule” Delayed until May 1, 2009 (October 24, 2008)
In a recent press release, the FTC announced that it would delay enforcement of the new “Red Flags Rule” until May 1, 2009, to give creditors, including physician practices, additional time to develop and implement written identity-theft prevention program.
As explained in the press release, FTC staff recently learned that some industries within the Commission’s jurisdiction, including the healthcare providers, were uncertain about their coverage under the red flags rule. For this reason, the Commission has delayed enforcement.
As reported previously, ASCRS and ASOA first raised this issue with the AMA at the request of its membership. ASCRS and AMA continue to disagree with the FTC that physician practices fall into the federal law’s definition of a creditor and will communicate that position in a face-to-face meeting with Commission staff, along with other medical associations. We will keep you updated.
American Medical Association (AMA) Responds to ASCRS/ASOA Concerns About the Federal Trade Commission’s (FTC) Final Rule on Red Flags (September 26, 2008)
This week, the AMA notified ASCRS staff that it would respond formally to concerns raised by the society about the FTC’s final rule on red flags. The rules, scheduled to take effect on November 1, 2008, were brought to the attention of AMA earlier this year after we received queries from our members as to how the rules would affect physician practices.
The Red Flag Rules, which stem from the Fair and Accurate Credit Transactions (FACT) Act of 2003, require financial institutions and creditors to develop and implement written identity-theft-prevention programs. These programs must be in place by November 1, 2008, and must provide for the identification, detection, and response to patterns, practices, or specific activities—known as red flags—that could indicate identity theft. In separate conversations with FTC staff by ASCRS and AMA, the agency explained that physicians are considered creditors and subject to the rules.
ASCRS, along with the AMA, do not believe that most practicing physicians are creditors as most do not "regularly extend, renew or continue credit." The AMA will issue its legal opinion in a formal comment letter to the FTC next week. A copy of the letter will be made available in next week’s Washington Watch Weekly.
Additional Resources
