The Federal Trade Commission passed this law in November 1, 2008. Enforcement of the law has been postponed several times and the latest delay may come in the form of lawsuits.
For those of you who are not aware of the Red Flag rule. The Federal Trade Commission passed this law in order to protect the public from identity theft. The broad purpose of the Red Flag and Address Discrepancy Rules is to require financial institutions and creditors to formally address the risks of identity theft and develop a mitigation plan. Health care providers have been identified as creditors and subject to the new rules, which took effect November 1, 2008. Enforcement of the law has been postponed several times and now as the June 1st deadline approaches the American Medical Association, American Osteopathic Association and the Medical Society of the District of Columbia have turned to file a lawsuit as a measure to block these rules in the healthcare arena. At this point in time no one knows for sure what will happen, however, the lawsuit does not have the power to postpone enforcement of this rule to healthcare professionals. Therefore the smart move will be to follow the requirements of the rule (develop policies, train employees and implement) and move on.