The Federal Trade Commission again has delayed enforcement of the Red Flags Rule, and Congress may pass a bill to exempt small businesses from the rule—which requires companies to develop programs to prevent identity theft.
The FTC issued the latest delay in enforcement of the rule, from November 2009 until June 2010, at the request of members of Congress. The Red Flags Rule requires creditors and financial institutions to implement programs to detect warning signs of identity theft, or red flags, and respond appropriately. According to the FTC, health care providers are creditors if they do not always receive payment in full from clients at the time of services.
On Oct. 20, the House of Representatives passed a bill (H.R. 3763) that would exempt health care practices with 20 or fewer employees from the Red Flags Rule. The bill had moved to the Senate Committee on Banking, Housing, and Urban Affairs at press time. The AVMA Governmental Relations Division is lobbying for passage of the legislation.
The legislation also includes a provision that would allow businesses to apply to the FTC for an exclusion from the Red Flags Rule. The exclusion would be for companies that know all their customers individually, only perform services in or around the residences of their customers, or have not experienced identity theft and run a type of business in which identity theft is rare.
The AVMA has compiled resources regarding the Red Flags Rule, including a guide to compliance for veterinary practices, at www.avma.org/issues/FTC_red_flags_rule.asp.