Skip to content
DWT logo
People Expertise Insights
About Locations Careers
Search
People
Expertise
Insights
About
Locations
Careers
Search
Advisories
Healthcare

Red Flag Rules Compliance Deadline Approaches: Providers should focus on identity theft prevention program implementation

By  Health Law Group
02.09.09
Share
Print this page

Health care providers take note: the May 1, 2009, Red Flag Rules compliance deadline is approaching quickly. The Red Flag Rules apply to all entities that meet the Federal Trade Commission's very broad definition of a “creditor” and that maintain “covered accounts.” This includes many, if not most, health care providers.

The Red Flag Rules require those covered to develop and implement an identity theft prevention program. The four basic steps to such a program are: (1) identifying relevant red flags; (2) detecting red flags; (3) preventing and mitigating identity theft; and (4) updating the program periodically.

As a practical matter, health care providers also should verify that their identity theft prevention programs are in line with applicable state law standards governing the protection and storage of consumers' personal information, in addition to the Red Flag Rules. For example, Massachusetts recently adopted 201 MASS. CODE REGS. 17.00-.05, which imposes more onerous data security requirements than the Red Flag Rules.

The initial compliance date for the Red Flag Rules was postponed to May 1, 2009, to allow health care providers sufficient time to carefully develop and implement their programs. It is unlikely that health care providers will get a second reprieve. Now is the time to refocus attention on developing your Red Flag compliance program.


Previous related advisory bulletins

Additional information about the applicability and requirements of the Red Flag Rules may be found in the following advisory bulletins previously issued by Davis Wright Tremaine LLP:

FTC Delays Enforcement of Red Flag Rules to May 1, 2009
By Rebecca L. Williams and Brent R. Eller, Oct. 2008

Health Care Providers: Don't Miss the Red Flags
By Rebecca L. Williams and Brent R. Eller, Aug. 2008

“Red Flag” Identity Theft Programs Required by November 2008
By John D. Seiver, July 2008

Related Articles

DWT logo
©1996-2022 Davis Wright Tremaine LLP. ALL RIGHTS RESERVED. Attorney Advertising. Prior results do not guarantee a similar outcome.
NAVIGATE
Home People Expertise Insights
About Locations Careers Events Blogs
STAY CONNECTED

Subscribe to stay informed.

Subscribe
Employees
DWT Collaborate
EEO
Affiliations
Legal notices
Privacy policy
©1996-2022 Davis Wright Tremaine LLP. ALL RIGHTS RESERVED. Attorney Advertising. Prior results do not guarantee a similar outcome.
Close
Close

CAUTION - Before you proceed, please note: By clicking “accept” you agree that our review of the information contained in your e-mail and any attachments will not create an attorney-client relationship, and will not prevent any lawyer in our firm from representing a party in any matter where that information is relevant, even if you submitted the information in good faith to retain us.