The Federal Trade Commission (FTC) has redoubled efforts to educate healthcare facilities, as well as financial institutions, about compliance with the Red Flags Rule and decided to give these groups more time to review its guidance on developing, documenting and implementing identity theft prevention programs. The FTC will delay enforcement until Nov. 1--a three-month extension from the original Aug. 1 deadline.
The Red Flags Rule is an anti-fraud regulation, requiring creditors and financial institutions with covered accounts to implement programs to identify, detect and respond to the warning signs, or "red flags," that could indicate identity theft. Financial regulatory agencies, including the FTC, developed the rule, which was mandated by the Fair and Accurate Credit Transactions Act of 2003 (FACTA).
The commission said it will ease compliance by providing additional resources and guidance to clarify whether businesses are covered by the rule and what they must do to comply. The rule requires physicians and hospitals to adopt written plans for tracking and responding to indicators of identity theft in their billing operations.
The FTC's Red Flags Web site-- www.ftc.gov/redflagsrule--offers resources to help entities determine if they are covered and, if they are, how to comply with the rule. It includes an online compliance template that enables companies to design an identity theft prevention program, as well as articles directed to specific businesses and industries, guidance manuals and "Frequently Asked Questions" to help companies navigate the rule.