FTC postpones ‘red flags’ rule

It’s finally May and ‘red flags’ are currently flying half staff. The Federal Trade Commission (FTC) has delayed enforcement of its identity theft prevention rule for creditors, including long-term care facilities, until August 1.

The FTC decided to delay this rather vague ruling for three months to give creditors and financial institutions—mostly those who had no idea this rule applied to them (long-term care administrators, does this sound familiar?)—sufficient time to develop and implement written identity theft prevention programs, as opposed to the original May 1 deadline.

“Given the ongoing debate about whether Congress wrote this provision too broadly,” says FTC Chairman Jon Leibowitz in a statement on the agency’s Web site, “delaying enforcement of the Red Flags Rule will allow industries and associations to share guidance with their members, provide low-risk entities an opportunity to use the template in developing their programs, and give Congress time to consider the issue further.”

The rule aims to cut down on identity theft of all kinds, including medical identity theft, by forcing the above-mentioned institutions to set policies that protect customers and assign staff for supervision. The program should highlight certain ‘red flags’ to watch out for, such as someone other than a resident requesting or questioning sensitive information.

LTC lawyer Jonathan Rosenfeld blogged about this topic last week and provides advice on how to comply. While the issue is for now put on hold, it’s never too early to create a benevolent program such as this—if not for the security of your residents, then do it because of the $2,500 fine that accompanies violations of the rule once August comes around. We’ll all be safer, and richer, in the end.


Topics: Articles