House Passes Red Flag Exemption for Small Practices

HealthLeaders Media Staff, October 26, 2009

The House of Representatives unanimously passed a bill Tuesday, October 22, that would exempt a healthcare practice with 20 or fewer employees from the FTC's identity theft Red Flags Rule requirement.

The bill moves onto the Senate.

The Red Flags Rule, which will be enforced starting November 1, 2009, requires healthcare entities considered to be "creditors" to implement an identity theft prevention program.

Further, the bill passed by the House last week, which was filed by John Herbert Adler (D-NJ), Paul Collins Broun, Jr. (R-GA), and Mike Simpson (R-ID), lets off the hook an entity that:

  • Knows all of its customers or clients individually

  • Only performs services in or around the residences of its customers

  • Has not experienced incidents of identity theft and identity theft is rare for businesses of that type

The FTC would determine if a business meets these criteria.

Facebook icon
LinkedIn icon
Twitter icon