FTC Red Flag Rules Enforcement Delayed Until June 1, 2010

The Federal Trade Commission (“FTC”) has again extended enforcement of the Red Flag Rules, now until June 1, 2010.

The latest delay comes at the request of Congress, which is considering a bill that amends the identity theft rule by eliminating entities with fewer than 20 employees from complying.  The House of Representatives passed that bill in late October 2009. The bill is now in the hands of the Senate.

The Red Flag Rules impact financial institutions and creditors subject to FTC jurisdiction. According to the Rules, created under the Fair and Accurate Credit Transactions Act, creditors of covered accounts must establish a program to detect, prevent and mitigate identity theft.

Originally, the Red Flag Rules would have taken effect on November 1, 2008, which was then extended to May 1, 2009, and then further extended to November 1, 2009.

For more information on the Red Flag Rules, visit: https://vwhealthlaw.wordpress.com/category/red-flag-rules/.

© 2009 Parsonage Vandenack Williams LLC

  For more information, contact info@pvwlaw.com

Red Flag Rules Effective August 1, 2009

Just a reminder that the red flag rules will be enforced beginning August 1, 2009.  The red flag rules require creditors to implement a formal policy for detecting and preventing identity theft.  The rules were authorized under the 2003 Fair and Accurate Credit Transitions Act, which covers entities that regularly extend credit, or defer payment for services.  The FTC is still taking the position that health care providers are considered creditors under the rules.

The red flag rules require health care practices to identify red flags, or warning signs, of potential identity theft events, to develop a corporate policy for responding to such risks, and to train employees on the new policy.

Health care providers should consider the following when developing and implementing their identity theft prevention policies:

  1. Identify warning signs of potential identity theft that may occur in day-to-day operations. Such red flags may include bills for services not provided, inconsistent medical records, insurance claims denials or exhaustion of patient benefits.
  2. Outline clear procedures for detecting red flags, such as verifying patient identities, educating patients and training staff.
  3. Establish procedures for responding to red flags, such as gathering pertinent documentation, notifying patients or canceling transactions.
  4. Incorporate specified administrative requirements in the written policy, including seeking management approval, identifying a specific staff member to oversee implementation and conducting staff training.
  5. Review and update the identity theft prevention policy at least annually.

© 2009 Parsonage Vandenack Williams LLC

  For more information, contact info@pvwlaw.com