Institutional Compliance

FACTA Red Flag FAQ's

Still have questions?

Please contact the Compliance Office at

What should you do if you suspect Identity Theft affecting a student or patient?

Contact your supervisor as soon as the Identity Theft is suspected.  NEVER delay treatment in a patient care situation.

What is the purpose of the FACTA Red Flag Rule?

The purpose is to detect and prevent Identity Theft by defining red flags or alerts that refer to a pattern, practice, or specific activity that indicates the possible existence of Identity Theft.


What is covered by the regulation?

Financial institutions and creditors with covered accounts are required to develop and implement Identity Theft prevention programs.


What is the definition of a financial institution or creditor?

The Federal Trade Commission (FTC) has defined this as anyone who defers payment on a debt or anyone who defers payment on goods or services.  A creditor is any entity that regularly extends, renews, or continues credit, arranges for extensions, renewals or continuations of credit, or any assignee or an original creditor who is involved in the decision to extend, renew, or continue credit.
Based on this definition there are many areas at the University that must comply.  Examples are Rocket Solutions Central and Patient Registration. 


What steps are necessary for the University to take?

The University must develop a policy and program to identify and detect the relevant warning signs or red flags of Identity Theft.  The policy must be approved by University leadership.  University areas will need to be educated on the appropriate actions that need to be taken when a red flag occurs.


Is red flag training available?

Yes.  Several training sessions will take place on both campuses.  For training information contact

What are the red flags outlined in the regulation?

The list of outlined red flags in available on our website.




Last Updated: 1/3/23