RCPA - Rehabilitation and Community Providers Association


Federal Trade Commission Again Delays Enforcement of Red Flag Rules
November 9, 2009

The Federal Trade Commission (FTC) has delayed enforcement of the “Red Flags Rule” until June 1, 2010 at the request of members of Congress, according to an October 30 agency press release.
The announcement marks the fourth time the FTC has delayed enforcement of the rule, which imposes new obligations on “creditors” to detect, prevent, and mitigate identity theft. The rule was scheduled to go into effect November 1.

On October 20, the US House of Representatives passed legislation that would expressly exclude from the Red Flag Rules’ requirements small health, legal, and accounting practices with 20 or fewer employees. Under the measure, the FTC also could exclude any other business it determines “knows all of its customers or clients individually;” “only performs services in or around the residences of its customers;” or “has not experienced incidents of identity theft and identity theft is rare for businesses of that type.”

The deadline to comply with the identity theft program requirement was initially set for November 1, 2008, but later extended to May 1, 2009 and then August 1, 2009 following concerns that many industries, including healthcare providers that extend credit, did not initially realize the rules may apply to them.

Information provided courtesy of Renee H. Martin, JD, RN, MSN, from the law firm of Tsoules, Sweeney, Martin & Orr, LLC. 


< Back