Physicians recently got some more support for their position that they should not have to comply with the “Red Flags” rule, a federal regulation requiring certain businesses to implement formal identity theft prevention programs. A federal appeals court noted on March 4 that physicians are not subject to the requirements because they do not act as “creditors” when they bill patients after delivering services.
The 15-page decision was part of a lawsuit filed by the American Bar Association to keep attorneys from being subject to the Red Flags requirements. The court issued its ruling based on a law passed by Congress in December 2010 that clarified the original intent of the Fair and Accurate Credit Transactions Act, the legislation that the Red Flags rule implements.
The new law spells out that a creditor is not someone who simply “advances funds on behalf of a person for expenses,” such as a physician. Groups like the American Medical Association have been battling to keep the Red Flags rule from applying to doctors for years. Under the rule, creditors must develop formal identity theft prevention programs that allow them to identify, detect, and respond to any suspicious practices could indicate identity theft. The AMA has argued that the rules would be burdensome and duplicate requirements already in place under the Health Insurance Portability and Accountability Act (HIPAA).
The rules originally went into effect in 2008 but Congress had been delaying enforcement of the rules for years. The AMA has vowed to remain “vigilant” that the Federal Trade Commission, which enforces the Red Flags rule, respects Congress’ intent to exclude physicians from these requirements in any future regulations.
— Mary Ellen Schneider (on Twitter @MaryEllenNY)