Skip to content
DWT logo
People Services Insights
About Offices Careers
Search
People
Services
Insights
About
Offices
Careers
Search
Advisories
Healthcare

Red Flag Rules Compliance Deadline Approaches: Providers should focus on identity theft prevention program implementation

By Health Law Group
02.09.09
Share
Print this page

Health care providers take note: the May 1, 2009, Red Flag Rules compliance deadline is approaching quickly. The Red Flag Rules apply to all entities that meet the Federal Trade Commission's very broad definition of a “creditor” and that maintain “covered accounts.” This includes many, if not most, health care providers.

The Red Flag Rules require those covered to develop and implement an identity theft prevention program. The four basic steps to such a program are: (1) identifying relevant red flags; (2) detecting red flags; (3) preventing and mitigating identity theft; and (4) updating the program periodically.

As a practical matter, health care providers also should verify that their identity theft prevention programs are in line with applicable state law standards governing the protection and storage of consumers' personal information, in addition to the Red Flag Rules. For example, Massachusetts recently adopted 201 MASS. CODE REGS. 17.00-.05, which imposes more onerous data security requirements than the Red Flag Rules.

The initial compliance date for the Red Flag Rules was postponed to May 1, 2009, to allow health care providers sufficient time to carefully develop and implement their programs. It is unlikely that health care providers will get a second reprieve. Now is the time to refocus attention on developing your Red Flag compliance program.


Previous related advisory bulletins

Additional information about the applicability and requirements of the Red Flag Rules may be found in the following advisory bulletins previously issued by Davis Wright Tremaine LLP:

FTC Delays Enforcement of Red Flag Rules to May 1, 2009
By Rebecca L. Williams and Brent R. Eller, Oct. 2008

Health Care Providers: Don't Miss the Red Flags
By Rebecca L. Williams and Brent R. Eller, Aug. 2008

“Red Flag” Identity Theft Programs Required by November 2008
By John D. Seiver, July 2008

Related Articles

02.25.25
Insights
Healthcare
In Key Ruling, 1st Circuit Adopts "But-For" Causation Standard for FCA Claims Arising From Unlawful Kickbacks Read More
01.30.25
Insights
Healthcare
New Administration Outlook: Guidelines for Healthcare Providers Responding to Immigration Enforcement Actions Read More
01.29.25
Insights
Healthcare
New Administration Outlook: Trump Orders and the Impact on Reproductive Healthcare Read More
DWT logo
©1996-2025 Davis Wright Tremaine LLP. ALL RIGHTS RESERVED. Attorney Advertising. Not intended as legal advice. Prior results do not guarantee a similar outcome.
Media Kit Affiliations Legal notices
Privacy policy Employees DWT Collaborate EEO

SUBSCRIBE
©1996-2025 Davis Wright Tremaine LLP. ALL RIGHTS RESERVED. Attorney Advertising. Not intended as legal advice. Prior results do not guarantee a similar outcome.