"Red Flag Rules" enforcement has been delayed by the Federal Trade Commission ("FTC") until August 1, 2009. On the eve of the scheduled May 1, 2009 enforcement date for the Red Flag Rules, the FTC announced that it is delaying the enforcement date until August 1, 2009. The purpose of this extension is to give creditors and financial institutions more time to develop and implement written identity theft prevention programs.
The Red Flag Rules require financial institutions and "creditors" to develop and implement identity theft prevention programs that provide for identification, detection, and response to patterns, practices or specific activities (known as red flags) that could indicate identity theft. Health care providers are subject to the Red Flag Rules if they extend credit to a consumer/patient by establishing an account that permits multiple payments (e.g., establishing a payment plan).
Additional guidance on the Red Flag Rules is forthcoming and will be available on the FTC website.