Get ready to play wait and see, but don't underestimate the benefit of compliance. Remember that movie Groundhog Day, where Bill Murray relives the same day over and over again? That's where we now are with the Red Flags Rule. The rule was supposed to take effect Nov. 1, but you now have seven more months to comply. On October 30, the Federal Trade Commission announced it is postponing the compliance deadline for the rule until June 1, 2010. Why: There's a court case going on about who must comply. "Basically, the FTC is extending the deadline because Congress has asked it to do so," explains attorney Robert Markette on the Gilliland & Markette Home Care Law blog. Action plan: You can sit back on your haunches and give the court case time to play out, Markette recommends. That way, you won't spend an undue amount of time putting together a compliance plan before you have a chance to see what happens with the court case and "what the final legislation from Congress looks like," he continues. If you've already locked in your Red Flags Rule compliance, you shouldn't feel too badly. The rule will protect your agency from identity theft -- which will save your bottom line. Consider this real-life case study of how one health system is using the rule to prosecute an identity thief -- and recoup their money: Last spring, Stephen Thomas Mullen of Knightdale, N.C., walked into local hospital Wake Med and used the name of a non-existent person to receive more than $45,000 in medical treatments, according to the Raleigh News & Observer. The hospital used the Red Flags Rule's provision to share with law enforcement officers all the suspicious customer information Mullen gave during his hospital stay -- which included a fake date of birth, Social Security number, and address. Police quickly found and arrested Mullen. How it works: Prior to the Red Flags Rule, medical providers couldn't prosecute identity thieves unless there was a victim other than the provider itself. However, the rule demands that you develop and implement written identity-theft prevention programs -- and part of prevention is catching and punishing those who defraud the system. Thanks to the rule, local law enforcement officers have investigated six cases of medical identity fraud or theft since July, said hospital police detective D.W. Brock to the News & Observer. Bottom line: Your agency can't afford to allow thieves to make off with your money, either. Follow WakeMed's example and implement policies and procedures that both catch and prosecute offenders -- no matter when the FTC requires you to do so. Your compliance now could mean more dollars in your agency's wallet by this time next year. Resource: Read the FTC's reasoning at www.ftc.gov/opa/2009/10/redflags.shtm and Markette's blog at www.homecarelawblog.com.