Sunday, March 14, 2010

Should Feds Remove Small Practices from Red Flags Compliance?


An author on Red Flags Rule compliance tells HealthLeaders Media that eliminating small practices from complying with the FTC's identity theft prevention program regulation would lead to more identity violations.

In December 2009, the U.S. District Court issued a summary judgment in favor of the American Bar Association that said the Red Flags Rule does not apply to attorneys or law firms.

Piggybacking off that decision, a group that includes the American Dental Association, American Medical Association, American Osteopathic Association, and the American Veterinary Medical Association wrote a letter to the FTC urging it to remove them from compliance. Also, the House passed a bill last year that calls for removing entities with 20 or fewer employees from Red Flags Rule compliance.

The FTC's compliance date with Red Flags has been in effect for nearly a year and a half (November 1, 2008). The enforcement date, however, has been delayed four times. It is now June 1, 2010.

Randy Berry, BA, CPA, financial leader and Red Flags Rule compliance expert with Columbus Healthcare & Safety Consultants in Columbus, OH, says it would be unfortunate if entities with 20 or fewer employees are let off the compliance hook.

"Smaller businesses with small multi-tasking staffs have fewer controls and are more at risk than that of larger businesses with a larger staff size," says Berry, author of the Red Flag Manual and Training CD Package. "Small businesses are more prone to customer identity theft." healthleadersmedia.com

No comments:

Post a Comment