Guidance on Preparing for Implementation of the Red Flags Rule
The FTC has posted a compliance template (pdf) for businesses at low risk for identity theft, such as most health care providers. The template allows business owners to design their own Identity Theft Prevention Program in accordance with the FTC Red Flags Rule, and consists of two relatively easy to use parts.
Part A helps users determine if their business is at low risk, and Part B helps users design a written Identity Theft Prevention Program if their business is in a low risk category.
However, like any other compliance regulation, the purpose of the Red Flags Rule is not to inflict more paperwork on affected businesses; its purpose is to foster meaningful use of effective identity theft prevention programs. At minimum, health care providers must actually adhere to the programs that they develop, and train their employees accordingly.
Remember, the implementation date for the Red Flags Rule is August 1, 2009!
