Enforcement of Red Flag Rules Delayed Again

 

The Federal Trade Commission (FTC) announced on October 30 that it is once again delaying the enforcement of the Red Flag Rules for those financial institutions and creditors that are subject to enforcement by the FTC.  According to the FTC's announcement, the new implementation date for enforcement will be June 1, 2010.  This means that those entities not subject to enforcement of the Red Flag Rules by another federal agency (such as bank regulatory agencies), will have additional time to develop their programs that identify the warning signs or "red flags" of identity theft.

 

The Red Flag Rules were developed to implement enforcement of the Fair and Accurate Credit Transactions Act, which directed the FTC and other regulatory agencies to address the risks of identity theft.  The Rules require that all "creditors" that have "covered accounts" develop and implement written identity theft prevention programs to help identify, detect and respond to patterns or specific activities that may indicate identity theft.  A "creditor" is any entity that regularly extends credit, and includes non-profit and government entities that defer payment for goods and services.  A "covered account" is an account that is used primarily for personal, family or household purposes and that involves multiple payments.  Thus, a health care entity or provider is considered to be a creditor if it regularly bills patients after the completion of services, including for the remainder of medical fees not reimbursed by insurance.  Health care providers are also considered creditors under the Red Flag Rules if they regularly allow patients to set up payment plans after services have been rendered or if they help patients get credit from other sources — for example, if they distribute and process applications for credit accounts tailored to the health care industry. 

 

The FTC made the decision to again delay enforcement of the Red Flag Rules at the request of certain members of Congress.  In addition to making this request of the FTC, Congress has also gotten involved in the enforcement of the Red Flag Rules on a different level.  In October, the U.S. House of Representatives passed a bill that would exclude health care, legal and accounting practices with 20 or fewer employees from having to comply with the Red Flag Rules.  This bill has been sent to the U.S. Senate and has been referred to the Committee on Banking, Housing and Urban Affairs.  It is unclear at this time what action, if any, the Senate may take with regard to this bill.

 

Ice Miller will keep you informed of any developments under the Red Flag Rules as they occur.  If you have any questions regarding the Rules or would like more information or assistance in developing policies in compliance with the Red Flag Rules, please contact Margaret R. Emmert or any other member of Ice Miller's Health Law Practice Group.

 

This publication is intended for general information purposes only and does not and is not intended to constitute legal advice.  The reader must consult with legal counsel to determine how laws or decisions discussed herein apply to the reader's specific circumstances.