On the eve of the enforcement deadline of the Red Flags Rule, the Federal Trade Commission (FTC) extended the deadline for enforcement once again to August 1, 2009. In October 2008, the FTC granted a six-month delay in the enforcement of the Red Flags Rule from the original November 1, 2008, deadline until May 1, 2009. In a press release dated April 30, 2009, the FTC announced a three-month delay in the enforcement of the section of the Red Flags Rule that requires individuals and entities defined as “creditors” or “financial institutions” under the regulations to implement a written identity theft prevention program to detect, prevent and mitigate identity theft in connection with certain existing accounts or the opening of new accounts. This announcement does not affect the other sections of the Red Flags Rule related to users of consumer reports and issuers of debit and credit cards, which became effective on November 1, 2008.
The FTC announced that it soon will release a policy template for entities with a low risk of identity theft to assist them in complying with the law. A quote in the press release from FTC Chairman Jon Leibowitz indicates that this delay also may be used to give Congress the opportunity to revisit the scope of the Red Flags Rule. Chairman Leibowitz said:
[G]iven the ongoing debate about whether Congress wrote this provision too broadly, delaying enforcement of the Red Flags Rule will allow industries and associations to share guidance with their members, provide low-risk entities an opportunity to use the template in developing their programs, and give Congress time to consider the issue further.
On April 22, 2009, clients and friends of Baker Hostetler tuned in to a webinar entitled, “HIPAA and Healthcare Privacy: How the Stimulus Bill, State Statutory Enactments, Red Flag Rules & Cases Have Changed the Landscape,” that discussed a variety of privacy and security developments affecting the healthcare industry, including an overview of HIPAA changes from the recent Stimulus Bill, a review of the FTC Red Flag Rules and an examination of case law and state privacy developments. Attorneys Steve Eisenberg, Bob Wolin and John Mulhollan offered practical tips and concrete action steps that providers can take in light of the changed and changing landscape. A complete replay of this webinar is available online.
For more information on the Red Flags Rule, please contact Steven A. Eisenberg, or 216.861.7903; Mark Hatcher, or 614.462.4765; Robert M. Wolin, or 713.646.1327; John Mullholland, or 216.861.7484; or Ameena Ashfaq, or 713.646.1329.
Baker & Hostetler LLP publications are intended to inform our clients and other friends of the Firm about current legal developments of general interest. They should not be construed as legal advice, and readers should not act upon the information contained in these publications without professional counsel. The hiring of a lawyer is an important decision that should not be based solely upon advertisements. Before you decide, ask us to send you written information about our qualifications and experience. © 2009 Baker & Hostetler LLP