AHLA, American Health Lawyers Association
A A A
Home  |  Sign In  |  Contact Us  |  Job Bank
AHLA » AHLA Members » Practice Groups » Health Information and Technology » Email Alerts Leading health law to excellence through education, information and dialogue lktw
Follow AHLA  

In Email Alerts:

Email Alerts
Member Briefings
Executive Summaries
Luncheon
Newsletters
Advisory Opinions
Toolkits
Bills, Laws, and Regulations
AC Feature Articles
Task Forces and Affinity Groups
Leadership
Annual Report
    
Print this page Print this page
Email to a friend Email to a friend

      

      

           Share this Page
 

FTC Delays Enforcement of Red Flags Rule . . . Again 

Email Alert

By Rebecca L. Williams*

May  1, 2009

On the eve of the enforcement date, the Federal Trade Commission (FTC) announced that it will delay enforcement of the identity theft "Red Flags Rule" until August 1, 2009. The FTC indicates that it wants to give those covered by the requirements more time to develop and implement written identity theft prevention and mitigation programs. This is the second delay in the FTC's enforcement of the Red Flags Rule. The rule originally was to become effective November 1, 2008, but was delayed until May 1 of this year because of perceived confusion as to who must comply with the Red Flags Rule. Now, the FTC has provided a second six-month reprieve.

By way of background, the Fair and Accurate Credit Transactions Act of 2003 amended the Fair Credit Reporting Act and directed various regulatory agencies, including the FTC, to promulgate the Red Flags Rule. The Red Flags Rule requires financial institutions and creditors to develop a program to identify, prevent, and mitigate identity theft. "Creditor" is broadly defined to apply to a variety of organizations including many entities and organizations in the healthcare industry. The four basic steps to an identity theft program are: (1) identifying relevant red flags; (2) detecting red flags; (3) preventing and mitigating identity theft; and (4) updating the program periodically.

The FTC also announced that for entities that have a low risk for identify theft, such as businesses that know their customers personally, the FTC soon will release a template to assist them in their compliance with this law.

"Given the ongoing debate about whether Congress wrote this provision too broadly, delaying enforcement of the Red Flags Rule will allow industries and associations to share guidance with their members, provide low-risk entities an opportunity to use the [FTC] template in developing their programs, and give Congress time to consider the issue further," FTC Chairman Jon Leibowitz said.

*The Health Information and Technology Practice Group wishes to thank Rebecca L. Williams, RN, JD (Davis Wright Tremaine LLP, Seattle, WA) for writing this email alert.


 
Related Resources
© 2012 American Health Lawyers Association
 1620 Eye Street NW
Washington, DC  20006-4010
Phone: 202-833-1100   Fax: 202-833-1105 		FAQ  |  Privacy Policy  |  Site Map