Endocrine Insider
May 26, 2010

(See Full Issue)

In November 2007, the Federal Trade Commission (FTC) issued a set of regulations known as the “Red Flags Rule,” requiring certain entities to develop and implement written identity theft prevention and detection programs to protect consumers from identity theft. The FTC has indicated that the rule does apply to physician practices. In response to this information, the American Medical Association (AMA), The Endocrine Society, and other medical specialty organizations expressed their concerns and successfully delayed implementation of the rule until June 1, 2010. The Endocrine Society and other specialty organizations continue to advocate to the FTC that physicians are not “creditors” and therefore should not be subject to the Red Flags Rule.

Last week, the AMA, American Osteopathic Association, and the Medical Society of the District of Columbia filed a lawsuit in federal court seeking to reverse the extension of this rule to physicians. In the interim, the AMA developed a guidance document and sample policies so that physicians can incorporate a simple identity theft prevention and detection program into their existing compliance and HIPAA security and privacy policies. Visit www.ama-assn.org/go/pmc and select “Data Security” to access AMA resources. Documents include “Protect your patients, protect your practice: What you need to know about the Red Flags Rule” and a sample practice policy.

Any additional information on the AMA lawsuit or Red Flags Rule compliance will be highlighted in future issues of Endocrine Insider.