The Federal Trade Commission has extended enforcement of the Red Flags Rule until June 1, 2010. Enforcement of the rule has been delayed previously as the FTC sought to adequately educate affected corporations and institutions. The Red Flags Rule impacts financial institutions and creditors subject to FTC jurisdiction. According to the Rule, created under the Fair and Accurate Credit Transactions Act, covered entities must develop and implement written policies that aid in identity theft prevention.

FTC announced on April 30, 2009 that the enforcement of the Red Flag Rule will be delayed until August 1, 2009.  This will allow time for creditors and financial institutions to create and fine tune their identity theft prevention programs.  A template has also been developed and will be available soon which will aid companies with a low risk of identity theft. 

More information is available from here: http://www.ftc.gov/opa/2009/04/redflagsrule.shtm

On January 1, 2008, the newly-released Red Flags Rule stipulated that certain businesses are required to "spot and heed" the red flags for identity theft. Health care providers, in particular, should be vigilant in monitoring any suspicious activity that may indicate identity thieves have accessed stolen information including social security numbers, birth dates, account numbers, etc. in order to acquire accounts or services. Compliance to the Red Flags rule will be enforced starting on May 1, 2009. Is your organization covered?

With a May 1st deadline for compliance looming, the American Medical Association (AMA) has asked the Federal Trade Commission (FTC) to suspend the application of the Red Flag Rules to physicians and publish a new rule so that physicians have an opportunity to provide comments. In a March 9 letter to the FTC, AMA Executive Vice President Michael D. Maves wrote that the AMA “strongly believes that the FTC did not provide physicians with an opportunity to review and comment on this Rule.”

On May 1, 2009, the FTC's six month suspension of the enforcement of the Red Flag Rules will be lifted.  Is your organization's Identity Theft Prevention Program in place?  If not, review the requirements at 16 CFR 681 on the MediRegs research portal.  If your organization has implemented a program - be sure it passes compliance muster by conducting the Red Flag Rules risk assessments developed by MediRegs for ComplyTrack.  Question sets include: