The Federal Trade Commission (FTC) indicates that physicians providing services to patients without requiring payment in full at time of service may need to comply with the new “Red Flag Rules” on May 1. Compliance entails developing a written Identity Theft Prevention Program for the practice to detect red flags that would prevent or mitigate identity theft. Medical identity theft occurs when someone uses another person’s identity — name, social security number, insurance information – without the person’s knowledge or consent, to obtain medical services or goods. The rule was originally scheduled to go into effect Nov. 1, 2008, but efforts by the American Medical Association (AMA), Medical Group Management Association (MGMA) and other medical associations resulted in a six‐month enforcement delay until May 1, 2009. To learn more about the Red Flag Rules, check out the article “The ‘Red Flags’ Rule: What Health Care Providers Need to Know About Complying with New Requirements for Fighting Identity Theft” by Tiffany George and Pavneet Singh, attorneys in the Federal Trade Commission’s Division of Privacy and Identity Protection. The article provides some background on medical identity theft, discusses who must comply, how to comply, and penalties for non-compliance (which are not criminal penalties). Another good resource on Red Flag Rules called “Protect your patients, protect your practice: What you need to know about the Red Flags Rule” is available from the AMA. This document covers procedures for addressing red flags that include identifying what red flags could occur in your practice indicating how you will detect red flags establishing a procedure for responding to red flags reviewing and updating your practice’s red flags program at least annually incorporating specific administrative element into your red flags program If you require additional resources to help your practice comply with Red Flag Rules prior to the May 1st deadline, contact Harmony Healthcare IT for help in finding the right information.