FTC Delays Identity Theft Prevention Red Flags Rule for Second Time

The Federal Trade Commission announced a second delay on Friday, May 1, 2009, for compliance with the identity theft prevention red flags rule. The delay is for three months, with compliance now scheduled for August 1, 2009. Entities affected are creditors and financial institutions. Healthcare providers that extend delayed payment plans to patients are deemed “creditors” under the red flags rule. This delay was to give affected entities more time to develop and implement written identity theft prevention policies and procedures for compliance with the rule, which is based on enabling regulations of provisions in the Fair and Accurate Credit Transactions Act of 2003. You can visit the FTC website for additional information. HIPAA.com has outlined provisions of the rule in an earlier posting, and has available for download a copy of FTC’s “Fighting Fraud with the Red Flags Rule:  A How-To Guide for Business.”