Health Information Management

FTC delays Red Flags Rule enforcement

HIM-HIPAA Insider, June 8, 2010

Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!

The Federal Trade Commission (FTC) delayed enforcement of the Red Flags Rule for a fifth time, this time extending the date another seven months.

Enforcement was scheduled to begin June 1. The FTC changed it to December 31.
The FTC states on its Web site that Congress requested the delay as it “considers legislation that would affect the scope of entities covered by the rule.” However, the FTC says it will make enforcement effective earlier than December 31, 2010 provided Congress passes legislation before that date.
 
On May 25, the Senate filed a bill similar to one passed in October 2009 by the House that essentially exempts providers with fewer than 20 employees from complying with the FTC’s Red Flags Rule.
 
Healthcare entities defined as “creditors” by the FTC must still comply with the rule by implementing a program to prevent and detect cases of identity theft. The rule became effective November 1, 2008.
 
“Congress needs to fix the unintended consequences of the legislation establishing the Red Flags Rule—and to fix this problem quickly,” FTC Chairman Jon Leibowitz said in a release on the FTC Web site.
 
Editor’s note: For the latest information on the Red Flags Rule, as well as HIPAA and HITECH privacy and security compliance, visit the HIPAA Update blog.



Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!

Most Popular