The FTC has announced that it is suspending enforcement of the “Red Flag Rules” until May 1, 2009. This will give organizations more time to develop and implement their written programs for identity-theft prevention. The rules require that financial institutions and creditors have a written program to prevent, detect, and diminish identity theft. The rules will also apply to many health care organizations. They were originally scheduled to take effect on November 1, 2008. During the FTC’s outreach efforts regarding the rules, officials determined that some entities did not know they were covered and had not started any efforts to comply with the rules. The delayed enforcement will allow all entities covered by the rules, including many health care organizations, to make sure that they are in full compliance by May 1, 2009.