Red Flags Rule Gets Another Delay
Medical practices received another last-minute reprieve from complying with the "red flags" identity theft rule.
Set to go into effect June 1, the rule was delayed until Dec. 31 while Congress considers legislation that would exempt medical practices, attorneys, and accounting offices with fewer than 20 employees from having to comply.
The US House of Representatives passed such a measure in October 2009, and the US Senate is considering a similar bill.
The American Medical Association, American Osteopathic Association, and the Medical Society of the District of Columbia filed a lawsuit on May 21, 2010 to prevent the Federal Trade Commission (FTC) from extending the rule to medical practices.
To help you comply with the new rule, the Pennsylvania Medical Society has developed several tools, including a prevention program template.
Several resources, including a how-to guide and a prevention program template for low-risk businesses, also are available on the FTC website.
Initially slated to go into effect Nov. 1, 2008, the rule has been delayed multiple times. It requires creditors and financial institutions—including medical practices—to develop and implement identity theft prevention programs.
Last Updated: 7/8/2010