Beginning June 1, 2010, a number of businesses will have to comply with the Federal Trade Commission’s Red Flags Rule.  The Red Flags Rule requires certain businesses to develop and implement policies and procedures to protect consumers from identity theft.  The Red Flags Rule will apply to any business that extends credit to consumers, which in this case includes any business that allows consumers to pay for goods or services on a payment plan (including medical practices).

Every business subject to the Red Flags Rule must develop and implement a written identity theft prevention program that is designed to detect, prevent and mitigate identity theft “red flags.”  “Red flags” are patterns, practices or specific activities indicating potential identity theft.  Red flags include the following:

• Alerts, notifications or warnings from a consumer reporting agency
• Suspicious identification documents
• Suspicious personal identifying information, such as a suspicious Social Security number or address change
• Unusual use of an account or other dubious account-related activity
• Notices from customers, victims of identity theft, law enforcement authorities or other persons regarding possible identity theft in connection with an account

Beginning June 1, 2010, businesses face penalties of up to $2,500 per violation for failure to comply with the Red Flags Rule.