On December 18, 2010, President Obama signed into law the Red Flag Program Clarification Act. The new law limits the circumstances in which creditors are covered by the Red Flags Rule. The FTC is revising the materials on their site to reflect the change in the law.

See the new law here:

http://www.gpo.gov/fdsys/pkg/BILLS-111s3987enr/pdf/BILLS-111s3987enr.pdf

In accordance with a request from Congress, the FTC has delayed enforcement of the Red Flags Rule until December 31, 2010. This enforcement extension is necessary in order for lawmakers to finalize the scope of those impacted by the Rule. Should legislation determining the scope of affected entities be passed before the new deadline, the Rules will go into immediate effect.

The Federal Trade Commission has extended enforcement of the Red Flags Rule until June 1, 2010. Enforcement of the rule has been delayed previously as the FTC sought to adequately educate affected corporations and institutions. The Red Flags Rule impacts financial institutions and creditors subject to FTC jurisdiction. According to the Rule, created under the Fair and Accurate Credit Transactions Act, covered entities must develop and implement written policies that aid in identity theft prevention.

In an effort to extend their Red Flags education campaign, the FTC has announced that enforcement on the Red Flags Rule will be delayed until November 1, 2009. This education campaign seeks to educate businesses on whether they are covered by the Rule, and if so, which steps to take in order to be compliant. Small businesses, in particular, had fumbled to grasp whether their risk-based programs were harmonious with the Red Flags Rule.

With a May 1st deadline for compliance looming, the American Medical Association (AMA) has asked the Federal Trade Commission (FTC) to suspend the application of the Red Flag Rules to physicians and publish a new rule so that physicians have an opportunity to provide comments. In a March 9 letter to the FTC, AMA Executive Vice President Michael D. Maves wrote that the AMA “strongly believes that the FTC did not provide physicians with an opportunity to review and comment on this Rule.”

The “Identity Theft Red Flag Rules” (Rules) impose mandatory compliance with the regulations that require financial institutions or creditors to establish (1) protocols on discrepancies between an address requested in a consumer report and the address in the consumer reporting agency's file, and (2) policies and procedures to assess the validity of a change of address.

American Medical News Article on FTC Red Flag Rules

Amy Sorrel of AMNews wrote a recent article discussing the Red Flag Rules and the delayed enforcement: "New Federal Trade Commission regulations to combat identity theft have taken physicians and the health care industry by surprise and prompted the agency to delay enforcement from Nov. 1 to May 1, 2009."

New Red Flag Compliance Deadline - May 1, 2009!

Just this afternoon, the FTC announced that it would delay the deadline to comply with the new Red Flag Rules from November 1, 2008 to May 1, 2009.  The delay is to due to the confusion and uncertainty created in certain industries over whether the rules apply to them.  "Many entities also noted that because they generally are not required to comply with FTC rules in other contexts, they had not followed or even been aware of the rulemaking, and therefore learned of the requirements of

MediRegs Resources on the FTC Red Flag Rules

New rules take effect November 1, 2008 that may require health care providers to develop and implement a written identity theft prevention program.  Health care providers can be "creditors" under the broad definition set forth in the rules.  Indeed, health care entities are specifically mentioned in the Federal Register article promulgating the rules.  Red Flags are a pattern, practice, or specific activity that could indicate identity theft.  To help you identify whether these rules apply to yo