President Obama has signed the “Red Flag Program Clarification Act of 2010” ( P.L. 111-319 ) which amends the Fair and Accurate Credit Transactions Act of 2003 (FACTA). Under the Act, only a “creditor” that regularly and in the ordinary course of its business obtains or uses consumer reports in connection with a credit transaction, furnishes information to consumer reporting agencies in connection with a credit transaction, or advances funds, will be required to develop and implement a written identity theft prevention and detection program under the Federal Trade Commission's “Red Flags” Rule.

RIA observation: While the FTC has already eased some concerns for pension plans about the applicability of the “Red Flags Rule” to 401(k) loan programs , the new legislation may also ease some concerns for health providers about the applicability of the rule to flexible spending accounts.

The Red Flags Rule (16 CFR 681.1 et seq.) requires “financial institutions” and “creditors” with “covered accounts” to implement written identity theft prevention programs that are designed to identify, detect, and respond to red flags of identity theft in their day-to-day operations. The FTC has delayed enforcement of the rule several times, most recently until December 31, 2010 .

According to the sponsor's of the legislation, the changes make it clear that lawyers, doctors, dentists, orthodontists, pharmacists, veterinarians, accountants, nurse practitioners, social workers, other types of health care providers, and other service providers will no longer be classified as ``creditors'' for the purposes of the FTC's rule, just because they do not receive payment in full from their clients at the time they provide their services, when they don't offer or maintain accounts that pose a reasonably foreseeable risk of identity theft.

The FTC's website http://ftc.gov/redflagsrule states that it will be revising information about the Red Flags Rule to reflect the changes in the law.