On December 18, 2010, President Obama signed into law the Red Flag Program Clarification Act of 2010, which narrows the definition of a creditor for purposes of implementing the so-called “red flags rule,” i.e., Federal guidelines for use by financial institutions and creditors in establishing policies and procedures to mitigate identity theft risks."
The new law ended years-long dispute between the Federal Trade Commission (charged with enforcement of the Red Flags Rule program) and healthcare providers reluctant to take on an additional administrative and regulatory burden.
Via Healthcare IT News:
Red Flag Program Clarification Act of 2010 (Bill, S. 3987) sponsored by Senators John Thune (R-SD) and Mark Begich (D-AK), was scheduled to go into effect on Dec. 31. It was first introduced in the Senate on Nov. 30 and unanimously passed on the same day. The Senate passed the bill by voice vote on Dec. 7.
The Red Flags rule was developed under the Fair and Accurate Credit Transactions Act, in which Congress directed the FTC and other agencies to develop regulations requiring "creditors" and "financial institutions" to address the risk of identity theft. The resulting Red Flags Rule requires all such entities that have "covered accounts" to develop and implement written identity theft prevention programs to help identify, detect and respond to patterns, practices or specific activities – known as "red flags" – that could indicate identity theft.
The Red Flag Program Clarification Act modified the regulation in a way that exempted those creditors from the Red Flags Rule program which "advance funds on behalf of a person for expenses incidental to a service provided by the creditor to that person."