New requirements aimed at identity theft prevention will affect OTs in private practice—and an “Identity Theft Prevention Policy and Procedure” must be included in your practice’s policies and procedures manual by May 1, 2009.

The Federal Trade Commission has introduced what is refers to as the “Red Flags” rule through the Fair and Accurate Credit Transactions (FACT) Act of 2003. The rule requires "creditors"—which the FTC defines to include most health care providers—to establish a program to prevent identity theft in their practices designed to target warning signs or “red flags” for fraudulent activities. Creditors in a health care practice generally provide services to patients without requiring those patients to pay in full at the time of service, but rather allow payment to be deferred.

Organizations, including the American Medical Association (AMA) and the Medical Group Management Association (MGMA), have advocated to the FTC on behalf of health care providers to obtain clarification of the rule by arguing that health care providers are not creditors, as that term in defined by law. The advocacy resulted in a 6-month delay of the requirements, which were originally set to take effect on November 1, 2008. The rule is now expected to take effect on May 1, 2009.

The American Occupational Therapy Association, Bethesda, Md, encourages OTs to review the resources below and seek legal advice to develop a customized policy for their practices.

Read the [removed]letter from the FTC to the AMA[/removed] addressing health care providers

Read the FTC overview of Red Flags Rule

Access [removed]sample policy[/removed] from the AMA

Access additional Red Flags Rule information from the Medical Group Management Association (MGMA)

[Source: American Occupational Therapy Association]