FTC extends Red Flag Rule Compliance Deadline until June 1, 2010
Update: Federal Trade Commission has once again delayed compliance deadline of Red Flags Rule until June 1, 2010 for financial institutions and creditors as per the request of Members of Congress
The Federal Trade Commission (FTC) under the Fair and Accurate Credit Transactions Act of 2003 issued set of regulations, known as “Red Flags Rule”, requiring all financial institutions and creditors including physician offices to develop and implement written identity theft prevention programs to deter, prevent and mitigate client identity theft. According to FTC’s guidelines, physicians who regularly bill their patients for services provided are considered as creditors and required to comply with the Red flag rules.
Although the rules originally scheduled for a Nov. 1, 2008 compliance date, the FTC has now delayed the enforcement date of the Red Flags Rule until June 1, 2010 as AMA has objected to the FTC’s interpretation that physician practices are “creditors” when they accept insurance and bill patients after services are provided or if they allow patients to set up payment plans after services have been provided. AMA intends to utilize this time to convince the FTC to republish the rule so that there is sufficient opportunity to formally comment and state the AMA’s objections to physician inclusion in the program. Also AMA has prepared a guidance document along with sample policies so that members can incorporate a simple identity theft prevention and detection program into their existing compliance and HIPAA security and privacy policies.
The Federal Trade Commission states that delay of enforcement will enable these entities sufficient time to establish and implement appropriate identity theft prevention programs to stay in compliance with the rule. The Commission staff has continued to provide guidance to entities within its jurisdiction, both through materials posted on the dedicated Red Flags Rule Website (www.ftc.gov/redflagsrule), and in speeches and participation in seminars, conferences and other training events to numerous groups. The Commission also published a compliance guide for business, and created a template that enables low risk entities to create an identity theft program with an easy-to-use online form. FTC staff has published numerous general and industry-specific articles, released a video explaining the Rule, and continue to respond to inquiries from the public. To assist further with compliance, FTC staff has worked with a number of trade associations that have chosen to develop model policies or specialized guidance for their members.
Resource: Federal Trade Commission