Posted April 1, 2009
Veterinarians are not exempt from a new federal rule to prevent identity theft. The Red Flags Rule, which the Federal Trade Commission will begin enforcing May 1, requires creditors to develop programs to prevent, detect, and mitigate identity theft.
The FTC proposed the Red Flags Rule in late 2007, and it took effect in 2008. The commission delayed enforcement until this year because many organizations did not consider themselves to be creditors—not in the same sense as financial institutions, which also fall under the rule. Nevertheless, the rule applies to most organizations that make arrangements to defer payment of debts, including almost all health care providers. Health care providers are creditors under the rule, for example, if they bill clients after completing medical services.
The FTC has offered guidelines for creating identity theft prevention programs that satisfy the requirements of the Red Flags Rule.
The first step is for organizations to identify major warning signs of identity theft, or red flags, that they come across in their line of work. Categories of warning signs include alerts from consumer reporting agencies; suspicious documents, personal information, or account activity; and notices from customers, victims of identity theft, law enforcement authorities, or other entities.
Each organization must write, implement, and administer an ongoing program to detect warning signs and respond appropriately to prevent or mitigate identity theft after finding a red flag. Responses to warning signs could include monitoring accounts or changing account numbers.
Finally, organizations should update their programs periodically to reflect changes in identity theft risks.
The intent behind the Red Flags Rule is good, said Dr. Patricia Wohlferth-Bethke, an assistant director in the AVMA Membership and Field Services Division.
If a veterinarian does not prevent breeches in the security of clients' information, she noted, some clients may choose not to visit that veterinarian again. Also, according to the Principles of Veterinary Medical Ethics of the AVMA, veterinarians and their associates should protect the personal privacy of clients.
Veterinarians should protect the information of employees as well as clients, said Adrian Hochstadt, JD, assistant director for state legislative and regulatory affairs in the AVMA Communications Division. He added that the AVMA plans to offer webinars with an outside specialist, in the near future, to help veterinarians come into compliance with the specific requirements of the Red Flags Rule.
Additional information about how the rule applies to health care providers is available at www.ftc.gov/.