The FTC has extended the enforcement deadline of its Red Flag Rule to August 1, 2009, for most “creditors” under the Rule that are not already subject to enforcement as financial institutions.
The American Medical Association vows to use this extra time to lobby that doctors are not “creditors” under the Rule. The FTC disagrees for now, and even posts information specifically for health care providers on its red flag website.
The FTC promises to release a “template” to help companies with a low-risk of enabling identity theft to develop programs to identify red flags that signal potential identity theft. The AMA calls their own version of a template a “sample policy.”
Despite the AMA’s protesting, the health care industry may have an easier time complying than others given they already have to comply with the Health Insurance Portability and Accountability Act (HIPAA). Telecom, Utilities, car dealers, and retailers are starting from zero.