Red Flags Rule
FTC rule (16 CFR Part 681) requiring creditors and certain financial institutions to develop and implement an Identity Theft Prevention Program.
1 min read · Last reviewed May 23, 2026
At a glance
- Category
- Compliance Program
- Primary sources
- 1
- Workspace handoff
- compliance binder →
Where this comes up
Compliance committees and practice managers operate at this level — written policy, workforce training, sanction policy, monitoring and auditing cadence, response and corrective action. The seven elements of an effective compliance program (OIG) are the scaffolding; this term lives somewhere on that scaffold.
Full definition
What it is in practice
FTC Red Flags Rule applies to healthcare providers that defer payment ("creditors"). The program must identify red flags, detect them, respond to them, and update the program.
How it shows up in your practice
Adopt a written Identity Theft Prevention Program. Common red flags: ID mismatch at registration, suspicious documents, multiple addresses on file.
Sources
- FTC — Red Flags Rulehttps://www.ftc.gov/business-guidance/resources/fighting-identity-theft-red-flags-rule-how-guide-business
Adopt the Red Flags Program in the Compliance Binder
Open compliance binder →Related terms
- Compliance ProgramCivil Monetary PenaltiesAdministrative penalties HHS-OIG may impose on healthcare providers for various violations including HIPAA breaches, kickbacks, and billing for excluded individuals.
- DocumentationPatient PortalA secure web-based application that lets patients access portions of their health information and communicate with the practice.
D3rx is a healthcare-billing and compliance research aid maintained by D3rx Inc. Articles are drafted by an LLM (Anthropic Claude) against primary HHS, OCR, CMS, eCFR, NIST, and state-regulator publications, and reviewed for restraint and source fidelity by the D3rx team.
Reviewer status: a named credentialed reviewer (CHC, CHPC, or healthcare attorney) is being engaged. Until that engagement is finalized, this page does not claim credentialed review.
Related across the archive
- GlossaryCivil Monetary PenaltiesAdministrative penalties HHS-OIG may impose on healthcare providers for various violations including HIPAA breaches, kickbacks, and billing for excluded individuals.
- GlossaryPatient PortalA secure web-based application that lets patients access portions of their health information and communicate with the practice.
- BillingWhat to Do When a Payer Says You're UnderbillingGot a letter saying you're underbilling? Here's what it actually means, whether you should worry, and what action to take.
- ComplianceAmbulatory Surgery Center Compliance: CMS + State + Infection Control42 CFR Part 416 Conditions for Coverage, CMS State Operations Manual Appendix L, the ASC Infection Control Surveyor Worksheet, and where state ASC licensure tightens the standard.
- ComplianceAnnual HIPAA Training Curriculum (What to Cover + How to Document)A 2026 annual HIPAA training curriculum for small healthcare practices — eight required modules under 45 CFR 164.530(b) and 45 CFR 164.308(a)(5), with documentation templates.
- ComplianceAnti-Kickback Statute: What Medical Practices Actually Need to Know (42 USC § 1320a-7b(b))The federal Anti-Kickback Statute is intent-based, criminal-grade, and the most common fraud-and-abuse theory in OIG enforcement. Here is what AKS actually prohibits, how the safe harbors function, and where practices get caught.
- ComplianceBehavioral Health Compliance: 42 CFR Part 2 + HIPAA TogetherHow SAMHSA's 42 CFR Part 2 framework for substance use disorder records overlays HIPAA after the 2024 final rule alignment, and what behavioral health practices must document.
- ComplianceBusiness Associate Agreement Template (2026) + Counterparty TrackerA 2026 HIPAA Business Associate Agreement template with every 45 CFR 164.504(e) required clause, plus the vendor tracker auditors expect alongside it.
This glossary entry is a research aid for billing and compliance staff. It does not provide legal, medical, or financial advice and does not replace counsel. References cited link to primary sources at HHS, OCR, CMS, eCFR, NIST, and the relevant payer or industry body.