The Federal Trade Commission has again extended the deadline for enforcement of the Red Flags Rule, a section of the Fair and Accurate Credit Transaction Act of 2003, until Dec. 31. Enforcement was to begin June 1, 2010.
The rule is an anti-fraud regulation requiring creditors and financial institutions with covered accounts to implement programs to identify, detect and respond to the warning signs, or “red flags,” that could indicate identity theft.
Veterinarians fall into the category of creditors, which is defined as any entity that regularly extends or renews credit — or arranges for others to do so — and includes all entities that regularly permit deferred payments for goods or services.
The rule became effective on Jan. 1, 2008, but the FTC has since issued several Enforcement Policies delaying enforcement of the rule. Most recently, the FTC announced in October 2009 that at the request of certain Members of Congress, it was delaying enforcement of the rule until June 1, 2010, to allow Congress time to finalize legislation that would limit the scope of business covered by the rule. Since then, the FTC has received another request from Members of Congress for another delay in enforcement of the rule beyond June 1.
Congress is currently considering legislation (S. 3416), introduced late May, that would exempt veterinarians, physicians and dentists from the Red Flag’s Rule. The U.S. House of Representatives passed a similar bill (H.R. 3763) on Oct. 20, 2009.
Although enforcement of the rule has been delayed until Dec. 31, the American Veterinary Medical Association points out that the rule is technically in effect now and veterinarians are expected to comply. The AVMA is providing resources for veterinarians at its website. Information includes how the rule will specifically affect veterinarians, details on how veterinary practices can become compliant and online training and consultant resources.
As the AVMA sums it up, “The Red Flags Rule requires you to develop and implement a written identity theft prevention program which is updated as needed; train all employees to implement the program; and oversee your vendors and service providers to ensure they also provide sufficient precautions to prevent, detect and mitigate identity theft.”
The FTC also has a website that offers resources to help entities determine if they are covered and, if they are, how to comply with the rule. In addition, the website includes an online compliance template that allows companies to design their own Identity Theft Prevention Program, as well as articles directed to specific businesses and industries, guidance materials and a Frequently Asked Questions section.
|Related article: FTC Extends Red Flags Rule Enforcement to 2010|