Health Information Management

Red Flags Rule deadline pushed back again

HIM-HIPAA Insider, August 3, 2009

By John Commins, HealthLeaders Media

Remember that August 1 deadline for the Red Flags rule? Never mind.

The Federal Trade Commission announced July 29 that—for a third time—it has pushed back enforcement of the anti-fraud regulations until November 1, a full year after it was first scheduled to take effect.

The additional three months—which comes at the request of the House Appropriations Committee—will be used to educate small businesses about Red Flags Rule compliance and to allow financial institutions and creditors more time to implement written identity theft prevention programs, according to the FTC.

Red Flags Rule requires creditors and financial institutions to have in place identify theft prevention, detection, and response systems. The Fair and Accurate Credit Transactions Act of 2003 mandates the rule. The FTC’s Red Flags Web site includes an online compliance template that enables companies to design their own identity theft prevention program.

The FTC said that many entities have already developed and implemented appropriate programs, but that some small businesses with a low risk of identity theft remain uncertain about their obligations. The FTC is preparing additional compliance guidance and will create a special link for low-risk entities on the Red Flags Rule Web site. The FTC has already posted FAQs that address how it intends to enforce the Red Flags Rule and other topics.

Red Flags was supposed to go into effect on November 1, 2008, but it was pushed back to May 1, 2009, and then pushed back to August 1, 2009. The FTC said Wednesday’s deadline rollback does not affect other federal agencies’ enforcement of the original November 1, 2008 compliance deadline for institutions subject to their oversight.

Most Popular