Join ADAMember Log In

Red Flags deferral ends Nov. 1

While the ADA continues to work to pass legislation to permanently exclude small health care practices, including dentists, from the requirements of the Red Flags Rule, the current postponement of the rule's enforcement expires Nov. 1.

The regulation requires financial institutions and creditors to develop a written plan to prevent and detect identity theft. The Federal Trade Commission has said dentists and other health care professionals are creditors subject to the rules depending on their credit arrangements with patients, as defined by the Fair and Accurate Credit Transactions Act of 2003.

The ADA challenged the FTC on the applicability of the rule to dentists and helped introduce legislation (HR 2345) May 12 to exempt health care practices with 20 or fewer employees from the regulation. On Oct. 8, Rep. John Adler (D-N.J.), along with Reps. Mike Simpson (R-Idaho) and Paul Broun (R-Ga.), introduced a newer version of the bill (HR 3763) that would exclude most small businesses and health care practices. The bill is scheduled to come to the House floor on Oct. 20. (Association advocacy efforts on the Red Flags Rule are at

Association leaders believe the bill will move forward and intend to continue efforts to exclude most dental practices from compliance with the rule, yet simultaneously urge ADA members to be ready for the Nov. 1 deadline.

"Dentists who haven't already reviewed the guidance the ADA Legal Department provided last spring should do so," said Dr. Mark V. Walker, chair of the Council on Government Affairs. "The materials give ADA members an edge in complying with this rule should the FTC continue to insist it applies to all dentists."

Available to members from their state associations and in the members-only section at the Guide for Compliance with the New Red Flags Rule details how dentists can identify and address red flags and most easily formalize and administer a red flags program. The ADA Sample Identity Theft Detection and Response Policy and Procedures covers how to develop a written plan to prevent and detect identity theft, one of the rule's requirements.

The FTC originally delayed the enforcement date of the rule for six months—from Nov. 1, 2008 until May 21, 2009—saying in its announcement: "Some industries and entities within the FTC's jurisdiction were uncertain about their coverage under the rule." The second postponement was until Aug. 1 "to give creditors and financial institutions more time to develop and implement written identity theft prevention programs." The government agency later delayed enforcement to Nov. 1 "to assist small businesses" in understanding the regulation.

At, the commission created a Web link with materials offering guidance for low-risk entities.

The ADA News will continue to provide updates on developments related to Red Flags Rule compliance and dentists.