FTC Delays Enforcement of FTC Red Flags Rule Fifth Time

The original FTC Red Flags Rule compliance date deadline was extended three times from the original date of November 1, 2008, with an expected compliance date of November 1, 2009.  Just prior to that date, the FTC extended for the fourth time the deadline for compliance to June 1, 2010.  On May 28, 2010, the June 1, 2010, compliance date was extended a fifth time to December 31, 2010[1]: “At the request of several Members of Congress, the Federal Trade Commission is further delaying enforcement of the ‘Red Flags’ Rule through December 31, 2010, while Congress considers legislation that would affect the scope of entities covered by the Rule.  Today’s…

READ MORE

Audit Control: What to Do and How to Do It

In our series on the HIPAA Administrative Simplification Security Rule, this is the second Technical Safeguard Standard. There is not a separately described implementation specification. Rather, this standard’s implementation specification is connoted in the language of the standard and is required. As we have noted in earlier postings on HIPAA.com, business associates of covered entities will be required to comply with the Security Rule safeguard standards, beginning February 17, 2010. This requirement is one of the HITECH Act provisions of the American Recovery and Reinvestment Act (ARRA), signed by President Obama on February 17, 2009. What to Do A covered entity is required to implement hardware, software, and/or procedural mechanisms…

READ MORE

FTC Delays Identity Theft Prevention Red Flags Rule for Second Time

The Federal Trade Commission announced a second delay on Friday, May 1, 2009, for compliance with the identity theft prevention red flags rule. The delay is for three months, with compliance now scheduled for August 1, 2009. Entities affected are creditors and financial institutions. Healthcare providers that extend delayed payment plans to patients are deemed “creditors” under the red flags rule. This delay was to give affected entities more time to develop and implement written identity theft prevention policies and procedures for compliance with the rule, which is based on enabling regulations of provisions in the Fair and Accurate Credit Transactions Act of 2003. You can visit the FTC website…

READ MORE