Red Flags Rule: Comply Now, Avoid Lawsuit Later

The scenario is far too familiar: Patient gets a call from a hospital about a bill. Patient says they never went to the hospital. Hospital says they did.

Now you've got a case of healthcare identity theft—and maybe a class action lawsuit.

Compliance with the Federal Trade Commission's new Red Flags Rule is critical for healthcare organizations—regardless whether the FTC postponed its enforcement date to August 1. The compliance date is actually November 1, 2008. That hasn't changed.

Sai Huda, chairman and CEO of Compliance Coach, a San Diego software company that specializes in automated regulatory compliance solutions, says bluntly of the FTC's enforcement delay: "So what? Anyone who is out of compliance is out of compliance."

Patients seeking damages from hospitals in identity theft cases have a leg up against hospitals that have yet to comply with the Red Flags Rule, Huda says. Health Leaders Media