The Federal Trade Commission (the “FTC”) will delay until November 1, 2009, enforcement of a provision of the “Red Flags” Rule that requires physicians and hospitals to adopt written plans for tracking and responding to indicators of identity theft in their billing operations. The delay is intended to give creditors and financial institutions more time to review the FTC’s guidance and develop and implement written Identity Theft Prevention Programs.
The Red Flags Rule is an anti-fraud regulation, requiring “creditors” and “financial institutions” with covered accounts to implement programs to identify, detect, and respond to the warning signs, or “red flags,” that could indicate identity theft. Resources to help organizations comply with the Red Flags Rule are available at FTC’s Red Flags Rule microsite.
For further detail on Red Flag Rules, see von Briesen & Roper’s Health Law Bulletin: “Red Flag Rules: Are They Applicable to You?”