The Federal Trade Commission announced a third delay, from August 1, 2009, to November 1, 2009, for compliance with the identity theft prevention red flags rule. The delay is for another three months. Compliance originally was scheduled for November 1, 2008, then delayed the first time until May 1, 2009. Entities affected are creditors and financial institutions. Healthcare providers that extend delayed payment plans to patients are deemed “creditors” under the red flags rule. This delay was to give affected entities more time to develop and implement written identity theft prevention policies and procedures for compliance with the rule, which is based on enabling regulations of provisions in the Fair and Accurate Credit Transactions Act of 2003. You can visit www.ftc.gov/redflagsrule for additional information. HIPAA.com has outlined provisions of the rule in an earlier posting, and has available for download a copy of FTC’s “Fighting Fraud with the Red Flags Rule: A How-To Guide for Business.” Just click on “Red Flags Rule” to the right to access this information online.