'Red Flags' compliance date is postponed again by the Federal Trade Commission

September 1, 2009

A second delay for enacting the "Red Flags Rule" was announced recently by the FTC, which has postponed its enforcement of the rule to Nov. 1 from Aug. 1. The rule had originally been slated to go into effect May 1.

Key Points

The Red Flags Rule [see Optometry Times, May 2009] will require businesses that extend credit to customers-which, under the FTC's definition, includes most physicians' practices-to develop written plans for identifying and responding to warning signs-red flags-of identity theft.

Such signs include alerts, notifications, or warnings from a consumer reporting agency; suspicious documents; suspicious forms of personal identification; and notifications from customers, victims of identity theft, or law enforcement authorities about possible identity theft.

In February, 49 medical societies and all 50 state medical societies stated their objections in a letter to FTC Chairman William E. Kovacic.

To help prepare businesses for compliance, the FTC created an online one-stop shop for Red Flags matters at http://www.ftc.gov/redflagsrule.

The focal point of the Web site is a compliance manual, Fighting fraud with the Red Flags Rule: A how-to guide for business. The site not only outlines the rule and includes resources for designing and implementing identity theft prevention programs, but also offers options for downloading the manual as a PDF or ordering a hard-copy version.

Additionally, the Web site links to the article, "What health care providers need to know about complying with new requirements for fighting identity theft," http://www.ftc.gov/bcp/edu/pubs/articles/art11.shtm.