The FTC has once again delayed the enforcement date for the Red Flags Rule.

The Red Flags Rule as it currently stands, requires entities, including healthcare organizations, to develop and implement written identity theft prevention programs to help identify, detect, and respond to patterns, practices, or specific activities known as “red flags” that could indicate identity theft.

The FTC was set to begin enforcement on November 1, 2009 but has now delayed enforcement until June 1, 2010. There is a bill pending in the Senate that would exempt healthcare organizations with 20 or fewer employees from the Red Flags Rule. In addition, On October 30, 2009, in a law suit against the FTC, the U.S. District Court for the District of Columbia ruled that the FTC may not apply the Red Flags Rule to attorneys. While this may not seem like much help for Healthcare Organization, perhaps this ruling will cause the FTC to rethink this issue with respect to Healthcare Organizations.

If you have questions or require additional information about the Red Flags Rule or other Healthcare Practice issues please go to www.Bluesteinlaw.com or e-mail me at Contact Philip M. Bluestein.

I will let you know if there are any new developments regarding this requirement for Healthcare Organizations.