WASHINGTON--For the second time, the Federal Trade Commission has delayed enforcement of its new “Red Flags” rules requiring the implementation of identity theft prevention programs. The rules had been set for enforcement May 1, but in a last-minute decision April 30, the commission pushed its compliance deadline back three months to Aug. 1.
 
Last year, the FTC moved the original compliance deadline from Nov. 1 to May 1 after learning that some companies were uncertain about their coverage under the rules. According to press reports, the agency has been accused of applying the rules to organizations that were not intended to be covered--including health care providers.
 
Under the rules, HME providers and other affected companies must develop prevention programs that identify patterns, practices and activities that are “red flags” for possible identity theft.
 
For companies that have a low risk of identity theft, such as businesses that know their customers personally, the agency said it would soon release a “template” to help with compliance.
 
For more about the rules, see  “Are You Ready for the Red Flags Rule?”