[ Wednesday, December 16, 2009 ]
Red Flags Update:
In case you haven't looked lately, check out the FTC's Red Flags Rule page,
where there are several click-through programs, including a video program and the template for low-risk businesses. I'm on a conference call right now with an FTC person, and her unofficial feel is that the reason for the latest delay is to allow the FTC to decide how to respond to the ABA case and whether/how to appeal. I think they're still trying to figure out if Congress will act further as well. The Red Flags program won't go away; it's just a question of whether you are a "creditor" according to the definition. From a HIPAA standpoint, much of what the Red Flags Rule does nicely dovetails with what all covered entities should be doing from a privacy and security standpoint; so, I'm not telling you what to do, but you might consider whether a Identity Theft Protection Program is a good idea, regardless of whether the Red Flags Rule does (or should) apply to you.
Jeff [11:29 AM]
Blogger: HIPAA Blog - Edit your Template