[ Friday, December 10, 2010 ]
OK, today's earlier post shamed me into actually looking at the "Red Flag Program Clarification Act of 2010
" (the Clarification Act) to see if it really did what it said it did. On my first read of it, I thought they revised the wrong definition, particularly when I looked at the regulations implementing the Rule (16 CFR 681 for non-banks). But my confusion was based on multiple cross-references in the Fair and Accurate Credit Transactions Act (FACTA), the Fair Credit Reporting Act (FCRA), and the Equal Credit Opportunity Act (ECOA). On further review, the Clarification Act works.
Basically, under the original Red Flags Rule, in FACTA Congress required the Secretary of the Treasury, the FTC, and others to jointly write Red Flags regulations, which they did. They referenced the definitions in FCRA, which gives some definitions, but cross-references the ECOA for the definition of "creditor." The Clarification Act adds a specific definition for "Creditor," which takes the ECOA definition of creditor ("any person who regularly extends, renews, or continues credit; any person who regularly arranges for the extension, renewal, or continuation of credit; or any assignee of an original creditor who participates in the decision to extend, renew or continue credit"), but limits it to creditors who (i) use consumer reports in connection with credit transactions, (ii) furnish information to consumer reporting agencies in connection with credit transactions, or (iii) advance funds, based on the obligation to repay the funds or secured against certain pledged property. If the advance of funds is to pay expenses incidental to services provided, (iii) doesn't apply.
The Clarification Act does allow the FTC and banking regulatory agencies to include others in the definition of "creditor," but only if they determine that the creditor "offers or maintains accounts that are subject to a reasonably foreseeable risk of identity theft." This is a bit of a back door that could allow the FTC to continue to include physicians as subject to the Red Flags Rule; however, any such interpretation would be contrary to clear Congressional intent.
So, if the President signs the Clarification Act, that should remove the Red Flags Rule requirement from any healthcare provider that does not regularly establish payment plans. Some providers (lasik surgery providers, plastic surgeons, bariatric practices, and others that establish payment plans for patients) will still likely be considered creditors, but your garden variety medical practice will be out from under this requirement.
Jeff [4:48 PM]
Blogger: HIPAA Blog - Edit your Template