The Federal Trade Commission (FTC) announced on April 30, 2009 that it will delay enforcement of the new “Red Flag Rules” until August 1, 2009 in order to give affected entities more time to implement identity theft prevention programs. This announcement marks the second time the FTC has delayed enforcement of these rules, which were originally scheduled to be effective Nov. 1, 2008, and more recently were supposed to go into effect on May 1, 2009.

The Red Flag Rules are regulations issued by the FTC that require financial institutions and creditors to develop and implement written identify theft prevention programs as part of the Fair Accurate Credit Transactions (FACT) Act of 2003. Hospitals that accept deferred payments for medical services meet the definition of “creditor” under the FTC’s Red Flag Rules and must develop and implement written identify theft prevention programs to comply with these regulations.

More information about the FTC Red Flag Rules is available on our Red Flag Rules Resource Page. The Ohio Hospital Association and Bricker Eckler LLP have also developed a Red Flag Rules Hospital Compliance Guide, available for subscription, which offers assistance to hospitals with these rules.