Skip Ribbon Commands
Skip to main content
Finance >> Memorandum
To: State Executives, Finance Committee, NCAL State Leaders, NCAL Board of Directors, NCAL Staff, Reimbursement Task Force, Legal Committee,  Advocacy Department
From: Elise Smith
Subject: Red Flag Rule Enforcement Delayed Until November 1, 2009
Date: 7/28/2009

As you all know,  the Red Flag Regulations have three parts, only the first two of which pertain to the health care industry. The first part, the address discrepancy portion of the Red Flag Regulations, applies to anyone who uses “consumer reports,” defined to include credit reports, and requires users of consumer reports to develop and implement reasonable policies and procedures to deal with an address mismatch.  The second part pertains to the detection, prevention and mitigation of identity theft in relation to covered accounts by “creditors or financial institutions.”  This second rule, referred to commonly as the “Red Flags Rule”  is an anti-fraud regulation, requiring “creditors” and “financial institutions” with covered accounts to implement programs to identify, detect, and respond to the warning signs, or “red flags,” that could indicate identity theft.   

These rules became effective November 1, 2008, but enforcement of the second rule was delayed until May 1, 2009 and again delayed to August 1, 2009.   It is now being delayed yet again to November 1, 2009.   Please see press release below. 

In the press release, the FTC indicates that in order to assist small businesses and other entities, the Federal Trade Commission staff will redouble its efforts to educate them about compliance with the "Red Flags" Rule and ease compliance by providing additional resources and guidance to clarify whether businesses are covered by the Rule and what they must do to comply. To give creditors and financial institutions more time to review this guidance and develop and implement written Identity Theft Prevention Programs, the FTC will further delay enforcement of the Rule until November 1, 2009.

While we hope that the FTC guidance material will be helpful, please note that AHCA developed guidance material early on.  Please go to the AHCA website for our Identity Theft Tool Kit with explanations of the two rules that apply to LTC Facilities --  Reed Smith Memoranda with guidance for facility implementation of Rule #1  --  and two additional documents prepared by the LTC Consortium providing guidance on policy and procedures for Rule #2.   

AHCA will review the FTC guidance and provide any additions or modifications to our AHCA guidance material, if necessary.