This is from:
Hospitals encouraged to prepare for Red Flags rule October 24, 2008
Hospitals should make a good faith effort to comply with the Federal Trade Commission’s Red Flags rule as soon as possible, because the deadline for complying with the rule remains Nov. 1, despite the agency’s recent decision (See this at http://www.ftc.gov/opa/2008/10/redflags.shtm) to delay enforcement for six months. Hospitals are likely to meet the rule’s broad definition of “creditor,” requiring them to develop a written identity theft prevention program. Working with outside counsel Hogan & Hartson, AHA has developed a sample policy (link follows below) that hospitals can use as a first step in developing their written identity theft programs. “While it may be appropriate to start with the sample policy, the regulation requires that the program be appropriate for the organization’s size and complexity and the nature and scope of its activities,” said Lawrence Hughes, AHA assistant general counsel. “Each organization must adapt the sample document to address the specific risks they face and to ensure an appropriate and reasonable organizational response to those risks.” The sample policy is not intended to substitute for responsible legal advice. Hospitals should examine the sample document as part of a comprehensive risk assessment.
Link to Red Flags Rule:
Link to sample policy http://www.aha.org/aha/content/2008/document/08redflagsoverview.doc