FTC Again Delays Enforcement of “Red Flags Rule”
AASM Special Update
Friday, May 28, 2010
The Federal Trade Commission announced today that it is further delaying enforcement of the “Red Flags” Rule through December 31, 2010, while Congress considers legislation that would affect the scope of covered entities. Under current FTC interpretations, physician practices are identified as “covered entities.” The Red Flags Rule requires “creditors” and “financial institutions” that have “covered accounts” to develop and implement written identity theft prevention programs to help identify, detect and respond to patterns, practices or specific activities – known as “red flags” – that could indicate identity theft. Although the Rule became effective Jan. 1, 2008, with full compliance for all covered entities originally required by Nov. 1, 2008, the FTC has issued several Enforcement Policies delaying enforcement of the Rule. The most recent delay was scheduled to expire June 1, 2010. More information about the Red Flags Rule is available online from the FTC.