As stated in an earlier posting, healthcare providers should ensure appropriate compliance with the Red Flags Rule.  There continues to be healthy debate as to what level of applicability the Red Flags Rule has in this market.  That said, the link below, to a recent article by the FTC, highlights some relevant points to think about as healthcare providers consider whether or not they are 'covered' and, if so, the appropriate measures to be taken in developing their Identity Theft Prevention Program.Of note, the article points out that "health care providers are creditors if they bill consumers after their services are completed. Health care providers that accept insurance are considered creditors if the consumer ultimately is responsible for the medical fees. However, simply accepting credit cards as a form of payment does not make you a creditor under the Red Flags Rule."  Based on this definition, it appears to some extent, that the majority of healthcare providers will be covered under the Red Flag Rule as creditors.I encourage you to have a look at this article if you are still on the fence: http://www.ftc.gov/bcp/edu/pubs/articles/art11.shtm

If the business is a creditor or a “financial institution” (defined as a depository institution) that offers covered accounts, you must develop a Program to detect possible identity theft in the accounts and respond appropriately. The federal banking agencies, the NCUA and the FTC have issued Guidelines to help covered entities identify, detect and respond to indicators of possible identity theft, as well as to administer the Program. A copy of the Red Flag Guidelines can be found: Federal Reserve Board – 12 C.F.R. pt 222, App. J Federal Deposit Insurance Corporation – 12 C.F.R. pt 334, App. J FTC – 16 C.F.R. pt 681, App. A NCUA – 12 C.F.R. pt 717, App. J Office of the Comptroller of the Currency – 12 C.F.R. pt 41, App. J Office of Thrift Supervision – 12 C.F.R. pt 571, App. J  

They have started to shift away from time-based collections management activities (the 30-, 60-, 90-day bucket approach).  Instead, the focus is migrating towards the development of collections strategy that is based on the underlying risk of the individual – to look at how he is performing on all of the obligations in the total relationship to determine the likelihood of repayment and the associated activities that can facilitate that repayment.  They’ve found they can’t rely purely on traditional models anymore because consumer behavior has dramatically changed and an account only approach doesn’t reflect the true risk and value of the individual’s relationship.