The original FTC Red Flags Rule compliance date deadline was extended three times from the original date of November 1, 2008, with an expected compliance date of November 1, 2009. Just prior to that date, the FTC extended for the fourth time the deadline for compliance to June 1, 2010. On May 28, 2010, the June 1, 2010, compliance date was extended a fifth time to December 31, 2010:
“At the request of several Members of Congress, the Federal Trade Commission is further delaying enforcement of the ‘Red Flags’ Rule through December 31, 2010, while Congress considers legislation that would affect the scope of entities covered by the Rule. Today’s announcement and the release of an Enforcement Policy Statement do not affect other federal agencies’ enforcement of the original November 1, 2008 deadline for institutions subject to their oversight to be in compliance….
“The Commission urges Congress to act quickly to pass legislation that will resolve any questions as to which entities are covered by the Rule and obviate the need for further enforcement delays. If Congress passes legislation limiting the scope of the Red Flags Rule with an effective date earlier than December 31, 2010, the Commission will begin enforcement as of that effective date.”
The issue regarding the delays in FTC enforcement relates to “scope of entities covered by the Rule,” as indicated in the FTC news release. Congress is taking action:
“House lawmakers in October  passed H.R. 3763, which would exclude from the Red Flags guidelines meaning of ‘creditor’ any healthcare, accounting, or legal practice with 20 or fewer employees, as well as any other business which the FTC determines knows all its customers or clients individually; only performs services in or around the residences of its customers; or hasn’t experienced incidents of ID theft, and identity theft is rare for businesses of that type. An identical bill, S.3416 was introduced in the Senate on May 25 .”
A lawsuit was filed in federal court on May 21, 2010, to accomplish a similar objective of narrowing scope of entities covered by the Rule. “[T]he American Medical Association, American Osteopathic Association and the Medical Society of the District of Columbia filed a lawsuit in federal court challenging the decision to classify physicians as ‘creditors’ because they allow patients to defer payments. The medical groups also said the implementation of the Red Flags Rule could threaten doctor-patient relationships and negatively affect patient care (Sorrel, American Medical News, 5/31).”
Please visit the FTC Red Flags Rule Web site: http://www.ftc.gov/redflagsrule or the American Medical Association (AMA) Web site: http://www.ama-assn.org/ama/no-index/physician-resources/red-flags-rule.shtml for additional information. (20100603)
 Federal Trade Commission, “FTC Extends Enforcement Deadline for Identity Theft Red Flags Rules,” news release, May 28, 2010, which is available online at: http://www.ftc.gov/opa/2010/05/redflags.shtm.
 Melissa Klein Aguilar, “Another Delay for FTC Red Flags Enforcement,” in Compliance Week, June 1, 2010, which is available online at: http://www.complianceweek.com/blog/aguilar/2010/06/01/once-again-ftc-delays-red-flags-enforcement/.
 The House passed H.R. 3763 by a vote of 400-0.
 California HealthCare Foundation, “FTC Delays Enforcement of ‘Red Flags Rule’ Until End of 2010,” iHealthBeat, June 1, 2010, which is available online at: http://www.ihealthbeat.org/articles/2010/6/1/ftc-delays-enforcement-of-red-flags-rule-until-end-of-2010.aspx.
Leave a Reply