The “new” Red Flags Rule—initially issued in October 2007—was scheduled to become effective on June 1, 2010. On May 28, 2010, however, the Federal Trade Commission announced that it would again delay enforcement of the Rule. The new enforcement deadline is December 31, 2010.
The Rule applies to “financial institutions” and “creditors” that maintain “covered accounts.” Because the definitions of a “creditor” (an entity that regularly extends credit) and “covered account” (a consumer account that permits multiple transactions or a commercial account where there is a “reasonably foreseeable risk” of identity theft) are so broad, a wide range of businesses must comply (e.g., car dealers, healthcare providers, mortgage brokers, utility companies and telecommunication companies).
The FTC stated that the decision to again delay enforcement was at the request of several members of Congress “while Congress considers legislation that would affect the scope of entities covered by the Rule.” FTC Chairman Jon Leibowitz asked Congress “to fix the unintended consequences of the legislation establishing the Red Flags Rule” by urging “Congress to act quickly to pass legislation that will resolve any questions as to which entities are covered by the Rule and obviate the need for further enforcement delays.”
The House has already passed a bill to exempt small health, legal and accounting firms from the Rule, and a nearly identical bill was introduced in the Senate on May 25. Additionally, groups representing healthcare providers, attorneys and accountants have filed lawsuits seeking to enjoin the FTC from applying the Rule to their members. The ABA obtained a decision from the trial court holding that the Rule does not apply to attorneys because they do not meet the definition of a “creditor.” The FTC appealed that decision, and the case is now before the D.C. Circuit. The trial court in the AICPA case issued an order precluding the FTC from enforcing the Rule against AICPA members in public practice until 90 days after the D.C. Circuit rules on the FTC’s appeal in the ABA case.
Additional information on the Red Flags Rule can be obtained from a Webinar presented by the Baker Hostetler Healthcare Industry Team or by contacting any member of our Privacy and Information Security or Healthcare Industry Teams. We hope you find this information helpful.
Authorship Credit: Craig A. Hoffman
Baker & Hostetler LLP publications are intended to inform our clients and other friends of the Firm about current legal developments of general interest. They should not be construed as legal advice, and readers should not act upon the information contained in these publications without professional counsel. The hiring of a lawyer is an important decision that should not be based solely upon advertisements. Before you decide, ask us to send you written information about our qualifications and experience. © 2010 Baker & Hostetler LLP