Effective December 31, 2010, the Red Flag Program Clarification Act of 2010 exempts most healthcare providers from being considered “creditors” subject to the Red Flag Rule. The Rule requires financial institutions and creditors to implement programs to identify and address trends, practices, and activities relating to potential identity theft.