Printer Friendly Email a Friend PDF RSS Feed

Dynamic Chiropractic – December 16, 2009, Vol. 27, Issue 26

Another Delay for Red Flags

FTC rule may not apply to your practice after all.

By Editorial Staff

Whether your office has identity theft protection protocols in place may be a moot point soon, at least in terms of a federal mandate.

With legislation currently under deliberation that would further define which entities are required to develop and implement identity theft protection protocols - and which are exempt from doing so - the Federal Trade Commission (FTC) has delayed enforcement of its Red Flags rule until June 2010, the fourth such delay.

In a release issued only two days before the Nov. 1, 2009 deadline, the FTC made the announcement, indicating that it was extending the enforcement deadline yet another time "at the request of Members of Congress." According to the American Chiropractic Association, the FTC delayed the enforcement deadline until next year because it did not want to enforce a regulation that might soon be superseded, at least in certain cases, by congressional legislation. H.R. 3763, already passed by the House and currently under deliberation in the Senate, would "amend the Fair Credit Reporting Act to provide for an exclusion from Red Flag Guidelines for certain businesses," including health care practices. The legislation would exempt practices with fewer than 20 employees from complying with the Red Flags rule.

The rule, details of which were published in the Federal Register in late 2007, is intended to help financial institutions and creditors that offer or maintain one or more "covered accounts" to "detect, prevent and mitigate identity theft in connection with the opening of a covered account or any existing covered account," and requires financial institutions and creditors to provide written programs along these lines.

Originally, the enforcement date for the rule was Nov. 1, 2008, but congressional pressure supported by the ACA and others led the FTC to delay enforcement for six months, until May 1, 2009, and then three additional months to give creditors and financial institutions more time to develop and implement written identity theft prevention programs. When the Aug. 1, 2009 deadline arrived, the FTC pushed back the enforcement date another three months to continue allowing affected parties to adequately prepare for enforcement of the new rule.

To track the progress of H.R. 3763 (read twice in the Senate and referred to the Committee on Banking, Housing, and Urban Affairs as of press time), visit

To report inappropriate ads, click here.