Enforcement of 'Red Flags' Rule Stalls Again

The Federal Trade Commission, or FTC, announced May 28 that enforcement of the antifraud identity theft Red Flags Rule would be delayed again -- this time through Dec. 31.

In a press release, the agency said the delay was requested by members of Congress so they could consider legislation that would affect the scope of entities covered by the rule.

"Congress needs to fix the unintended consequences of the legislation establishing the Red Flags Rule -- and to fix this problem quickly," said FTC Chairman Jon Leibowitz in the release. "As an agency, we're charged with enforcing the law, and endless extensions delay enforcement."

The antifraud regulation went into effect on Jan.1, 2008, with an original compliance date of Nov. 1, 2008. Since that time, enforcement of the rule has stalled several times.

The rule was developed as part of the Fair and Accurate Credit Transactions Act of 2003 (62-page PDF; About PDFs). It requires financial institutions and creditors -- including physician practices -- to address the risk of identity theft by implementing identity theft prevention programs.

In late May, the AMA filed a lawsuit asking a federal court to prevent the FTC from extending the Red Flags Rule to physicians. In a May 28 press release, the organization called the rule an "unjustified and burdensome regulation of medicine" and pointed to a federal court ruling handed down in November 2009 that blocked the application of the regulation to attorneys.