Text Size

  • Increase
  • Decrease
  • Normal

Current Size: 100%

Federal Trade Commission

Additional information can be found in the Operations, Red Flag Rules section.

What are the Red Flag Rules?

The Red Flags Rule was developed pursuant to the Fair and Accurate Credit Transactions (FACT) Act of 2003. Under the Rule, financial institutions and creditors with covered accounts must have identity theft prevention programs to identify, detect, and respond to patterns, practices, or specific activities that could indicate identity theft.

Download complete Red Flag Rule Tip Sheet (PDF)

The Rule applies to creditors and financial institutions. Federal law defines a creditor to be:

  • any entity that regularly extends, renews, or continues credit;
  • any entity that regularly arranges for the extension, renewal, or continuation of credit;
  • or any assignee of an original creditor who is involved in the decision to extend, renew, or continue credit.

Accepting credit cards as a form of payment does not, in and of itself, make an entity a creditor. Some examples of creditors are finance companies, automobile dealers, mortgage brokers, utility companies, telecommunications companies, and non-profit and government entities that defer payment for goods or services. Financial institutions include entities that offer accounts that enable consumers to write checks or to make payments to third parties through other means, such as other negotiable instruments or telephone transfers.

Do hospices qualify under the red flag rules? And under what circumstances?

  1. If a hospice accepts insurance where a patient or their estate is ultimately responsible for medical fees -- that could constitute "entering into agreements to provide services on a regular basis and accepting deferred payments" in a way that triggers the red flag rules. Simply accepting credit cards for payment would not make a hospice a creditor obligated to comply with Red Flag.
  2. If a hospice extends credit to employees, such as extending credit to physicians in the form of income guarantees or recruitment loans, that activity could make a hospice a creditor obligated to trigger Red Flag obligations.

Are you complying with the Red Flags Rule?

The Federal Trade Commission has developed a website specifically for businesses to comply with the Red Flag Rules.  The Red Flags Rule requires many businesses and organizations to implement a written Identity Theft Prevention Program designed to detect the warning signs — or "red flags" — of identity theft in their day-to-day operations. By identifying red flags in advance, businesses will be better equipped to spot suspicious patterns that may arise -- and take steps to prevent a red flag from escalating into a costly episode of identity theft. Resources on this site can help business people educate their staff and colleagues about complying with the Red Flags Rule.