Dentists are Creditors Under Red Flags Rule

Dentists are now considered creditors under the Federal Trade Commission’s Red Flags Rule. As such, dentists are required to implement an identity theft prevention program to detect, prevent and mitigate identity theft by November 1, 2009. This is a 90-day extension from the previous August 1, 2009, deadline. The new rule applies to all businesses that extend or arrange for credit for their customers. Dentists are considered creditors if they do not collect payment in full at the time of service. 

Most dentists either extend credit to their dental patients or arrange for credit through an outside company. According to the FTC, the Red Flags Rule applies to dental providers who:

The FTC’s Red Flags Rule requires dentists to develop and implement written policies and procedures that identify 1) the various ways in which patient account information may be stolen in their practice, 2) ways to detect potential occurrences of identity theft, 3) an appropriate response to any such detection, and 4) a method for periodically reviewing and updating identity theft policies and procedures. Once developed, the practice owner or a formally appointed program administrator must ensure that all staff receive adequate training and acknowledge in writing that they have received a copy of the practice’s identity theft policies and procedures and have had a chance to ask questions. Program administrators must also follow up on and oversee the appropriate response to any "red flags" reported by staff members and keep a log describing and documenting all responses to suspected identity theft incidents. 

An excellent step-by-step compliance template has been developed by the FTC and is available at http://www.ftc.gov/redflagsrule.