The implementation of "red flag" rules requiring creditors and financial institutions to implement security programs and policies to deter identity theft may be delayed once more. Entities are currently required to be in compliance by August 1.
The American Medical Association, American Bar Association, and the National Retail Federation have filed complaints to the Federal Trade Commission (FTC), claiming that the red flag rules are meant for financial institutions such as banks and credit companies. The groups argue that the broad language of the rule has unintentionally placed other institutions under the policy. For example, hospitals would be considered creditors under the rule since they provide services and then defer payment until a patient pays a bill out of pocket, or insurance reimbursement is received.
The organizations have contacted the FTC and Congress to try and get a deadline extension, which would provide time to amend the policy to apply to only the intended institutions. If an extension is not granted, the American Bar Association intends to file a lawsuit against the FTC.