J. A. (Tony) Patterson, Jr. and Gwen Kathleen Chapman
July 29, 2009
The Federal Trade Commission (FTC) announced today that it will further delay enforcement of the new "Red Flags Rule," scheduled to begin August 1, 2009. The FTC release announcing the new delayed enforcement date is intended to allow the FTC to provide additional compliance guidance, particularly to “small and low risk entities” and enable covered entities to gain a better understanding of the Rule and their obligations under it. As we have advised in earlier Alerts, any entity which has "covered accounts" and is a "creditor" as defined by the Red Flags Rule, including a health care provider, must establish a compliance program that complies with the Rule (16 CFR 681.1 – 72 Fed. Reg. 63718 (November 9, 2007). A covered account is defined as either (1) an account primarily for personal, family, or household purposes that involves or is designed to permit multiple payments or transactions; or (2) any other account for which there is a reasonably foreseeable risk to customers of the safety and soundness of the financial institution or creditor from identity theft.
The FTC's full press release can be found at http://www.ftc.gov/opa/2009/07/redflag.shtm. Its enforcement policies are available at http://www.ftc.gov/os/2008/10/081022idtheftredflagsrule.pdf.
This article was prepared by Tony Patterson (email@example.com or 214 855 8036) and Gwen K. Chapman (firstname.lastname@example.org or 214 855 7420) from Fulbright's Health Care Practice Group. You may contact Tony or Gwen if you need our assistance with compliance with the “Red Flag” Requirements.
J. A. (Tony) Patterson, Jr.
Gwen Kathleen Chapman