This is a sample policy designed to facilitate Idaho hospitals’ compliance with certain state and federal laws governing identity theft, including the FTC’s so-called “Red Flag” Regulations (16 C.F.R. §§ 681.1 and 681.2); certain aspects of the HIPAA Privacy and Security Rules (42 C.F.R. §§ 164.301 et seq. and 164.501 et seq.); and Idaho’s Identity Theft Law (I.C. §28-51-104 et seq.). Each hospital should modify the policy as applicable to the hospital’s circumstances and practices, paying special attention to those provisions in the sample that are italicized.