DENVER, Colo. — Consumers should expect identity theft protection from their healthcare providers, such as physicians and dental practices, now that the Federal Trade Commission (FTC) has definitively clarified them as “creditors” under the “Red Flag” provisions of the Fair and Accurate Credit Transactions Act of 2003 (FACTA), according to identity theft security expert and identity recovery services provider idBUSINESS (

“Consumers entrust their health and personal information to their doctors. Clearly, the FTC views healthcare providers as liable for their stewardship of certain patient record information,” said idBUSINESS president Scott Sax. “Consumers should be aware that identity theft involves much more than credit information and social security numbers. It includes things like health insurance identification numbers, employment identification and children’s identification – all of which are typically part of a patient file in a typical healthcare practice.”

After months of discussion with the American Medical Association (AMA) regarding the applicability of FACTA regulations to healthcare providers already compliant with the Health Insurance Portability and Accountability Act (HIPAA), the FTC in a February, 2009 letter stated that “health care professionals are covered by the Rule when they regularly defer payment for goods or services.”

Addressed to AMA Director of Federal Affairs Margaret Garikes by FTC Acting Director of Bureau of Consumer Protection Eileen Harrington, the letter details the intent of the identity theft provisions:

“The Red Flags Rule is intended to address all forms of identity theft, including those involving the provision of health care . . . Medical identity theft can surface when a patient seeks care using the name or insurance information of another person, which can result in both false billing and the potentially life-threatening corruption of a patient’s medical records.

“A nationwide survey conducted for the FTC found that 4.5-percent of the 8.3 million victims of identity theft had experienced some form of medical identity theft, including the fraudulent use of their health insurance to obtain medical care or to obtain health insurance in their name. The incidence of medical identity theft may be increasing.”

“Regardless of where the information comes from, identity theft infects an individual’s reputation and threatens their credit standing,” Sax said. “That means that a criminal uses the good name, credit history and other personal information of an unsuspecting individual to get services or funds illegally.

“Many criminals get to individuals’ private information because some businesses fail to protect it,” he added. “More than ever before, individuals must take control of their own identity protection by following new routines for disposing of documents and papers, becoming aware of which businesses ask for personal identity information and asking: ‘Do I trust this business to protect my identity information?’ and actively inquiring as to whether your doctor’s office, your financial adviser, your mortgage lender or other business is protecting your information in accordance with the Federal Trade Commission’s requirements.”

In addition to healthcare providers, businesses that are now required to protect the identity of their customers include:
* Mortgage lenders
* Financial Planners
* Auto dealerships
* Insurance Agents


idBUSINESS is the standard information security operating system for small- to mid-sized businesses. It provides information security planning tools that identify needs, assess risks, comply with the law, and secure an organization’s data. idBUSINESS customers gain access to individual identity theft protection and reactive data breach services from ID Experts, the leaders in fully-managed identity recovery, as well as services from globally recognized forensics firm Net Reaction.

To learn more, please visit

[tags]idBUSINESS Denver[/tags]