Physicians, hospitals and other healthcare providers may not be aware that the federal Red Flag Rules, 16 C.F.R. § 681, may apply to them. The Rules, which become effective on May 1, 2009, require covered entities to formally address the risks of identity theft and develop a plan to prevent such risks. The Rules have been widely overlooked by healthcare providers because they were promulgated under the Fair and Accurate Credit Transaction Act of 2003 by federal agencies that regulate financial institutions and, thus, appear to apply only to financial institutions. However, the Federal Trade Commission has made clear that the Rules are applicable to healthcare providers that allow their patients to defer payment for the professional services they receive.

Click here to read a Client Advisory by Edwards Angell Palmer & Dodge regarding the applicability of the Red Flag Rules to healthcare providers.