On May 28, 2010, just shy of the June 1st compliance deadline, the Federal Trade Commission (FTC) announced that it would again be postponing enforcement of the Red Flags Identity Theft Prevention Rule through December 31, 2010.

The Rule was developed under the Fair and Accurate Credit Transactions Act, in which Congress directed the FTC and other agencies to develop regulations requiring “creditors” and “financial institutions” to address the risk of identity theft.  The resulting Red Flags Rule requires all such entities that have “covered accounts” to develop and implement written identity theft prevention programs to help identify, detect, and respond to patterns, practices, or specific activities – known as “red flags” – that could indicate identity theft.

The Rule became effective on January 1, 2008, with full compliance for all covered entities originally required by November 1, 2008.  The FTC has issued several Enforcement Policies delaying enforcement of the Rule.  Most recently, the FTC announced in October 2009 that at the request of certain Members of Congress, it was delaying enforcement of the Rule until June 1, 2010, to allow Congress time to finalize legislation that would limit the scope of business covered by the Rule.  Since then, the FTC has received another request from Members of Congress for another delay in enforcement of the Rule beyond June 1, 2010.  On May 28, 2010, this delay was extended through December 31, 2010.

As a reminder, the American Health Care Association (AHCA) and the LTC Consortium have produced Policy and Procedure Templates for compliance with the Red Flag Identity Theft Prevention rules.  Note that they are intended to be templates which should be customized to fit the unique needs of the provider's operations.  We provide the links here:

ID Theft Prevention Program Policy template

Red Flag Procedures template

Patti Cullen, CAE
952.851.2487
pcullen@careproviders.org

Our Sponsors