Health Information Management

Red Flags Rule enforcement delayed to June 1

HIM-HIPAA Insider, November 9, 2009

The Federal Trade Commission is delaying enforcement of its identity theft Red Flags Rule for a fourth time, pushing back the November 1 deadline to June 1, 2010.

The latest delay comes at the request from Congress, which is considering exempting entities with fewer than 20 employees from the identity theft rule.

The House of Representatives passed the bill late last month. The Senate is now considering the bill.

The previous delay announcement—from August 1 enforcement to November 1—came in July. The House Appropriations Committee requested the additional three months to educate small businesses about Red Flags Rule compliance. The delay also allowed financial institutions and creditors more time to implement written identity theft prevention programs, according to the FTC.

Red Flags requires creditors and financial institutions to have in place identify theft prevention, detection, and response systems. The rule is mandated by the Fair and Accurate Credit Transactions Act of 2003.

Red Flags was initially supposed to go into effect November 1, 2008, but was pushed back to May 1, 2009, then to August 1, 2009, then to November 1, 2009, and now to June 1, 2010.

Most Popular