Client Alerts & Insights
FTC Further Delays Enforcement of Red Flags Rule
November 1, 2009
Authored By:
The Federal Trade Commission (the “FTC”) has delayed enforcement of the Red Flags Rule until June 1, 2010. After three previous delays, the FTC was scheduled to begin enforcing the Red Flags Rule on November 1, 2009. However, in a statement posted on its website on October 30, 2009, the FTC announced that it will further delay enforcement of the Red Flags Rule at the request of members of Congress.
The Red Flags Rule requires financial institutions and creditors to adopt written identity theft prevention programs with respect to “covered accounts.” The Red Flags Rule defines a creditor as any person who: regularly extends, renews, or continues credit; regularly arranges for the extension, renewal, or continuation of credit; or is an assignee of an original creditor who participates in the decision to extend, renew, or continue credit. A “covered account” is an account used mostly for personal, family, or household purposes that involves multiple payments or transactions or an account for which there is a foreseeable risk of identity theft.
The FTC has indicated that a health care provider is a creditor for purposes of the Red Flags Rule if the provider bills consumers after services are completed (including billing for the remainder of fees not covered by insurance), allows patients to set up payment plans after services are completed, or helps patients get credit from other sources.
Health care providers that are creditors under the Red Flags Rule must now have written identity theft prevention programs in place on or before June 1, 2010. These policies must identify relevant red flags of identity theft related to the covered accounts, establish policies and procedures by which the providers will detect and respond to such red flags, and ensure that the programs will be updated periodically to reflect changes in risks to the security of patients’ identities.
The FTC has issued a guide that entities may use in developing identity theft prevention programs. However, entities should ensure that their policies are specifically tailored to their operations.
Additional Information
For more information on compliance with the Red Flags Rule, please contact a member of Benesch’s Health Care Department:
Harry M. Brown at 216.363.4606 or hbrown@beneschlaw.com
Janet K. Feldkamp at 614.223.9328 or jfeldkamp@beneschlaw.com
Alan E. Schabes at 216.363.4589 or aschabes@beneschlaw.com
Latest News
UPDATED: The Faster Labor Contracts Act Would Permit Federal Government to Impose Union Contract Terms on Employers
The federal government may soon be able to impose the terms of first collective bargaining agreements (“CBAs”) on private sector employers and unions.
Tariff Refund Litigation: A Primer on Common Plaintiff’s Theories of Recovery and Importer of Record Defenses
In February 2026, the U.S. Supreme Court ruled that President Trump did not have constitutional authority to impose tariffs under the International Emergency Economic Powers Act (IEEPA). The Trump Administration responded quickly, implementing a universal 10 percent surcharge under the authority of Section 122 of the U.S. Trade Act.
Supreme Court 2025: Key Free Speech Rulings
The Supreme Court’s 2025 decisions signaled a more regulator-friendly view of the internet—upholding laws on age verification and foreign-owned platforms under intermediate scrutiny, even where speech is burdened. These cases reaffirm that content-neutral rules that incidentally affect speech are likely to survive constitutional challenge.
Nobody—Not Even Einstein—Has Figured Out What Causes Gravity, but You Need to if You Are Facing a Putative Consumer Class Action in the 9th Circuit
The common argument made by plaintiffs that differences in alleged misrepresentations are transcended by the center of the gravity of the alleged fraud should not be addressed through the typical approach of just comparing the level of variance of the representations in the case at issue with that in the relevant precedent.