“Red Flags” rule update

A bill to exempt physicians and other professionals from the red flags rule passed the House on Dec. 6, following Senate passage four days earlier, and is headed to Obama’s desk for his signature. The red flags rule required any creditor who held financial data on clients to install identity theft detection and monitoring programs. The rule is the result of the Federal Trade Commission’s interpretation of the Fair and Accurate Transactions Act of 2003, which was intended to tighten security of financial data held by banks and credit card companies. On Nov. 1, 2008, the FTC said physicians were covered under the red flags rule because they bill people for services after they are provided, and because they allow payment plans. The AMA and others objected. On May 21, 2010, the AMA, the American Osteopathic Assn. and the Medical Society of the District of Columbia filed a federal lawsuit to prevent the FTC from holding physicians to the red flags rule. As these battles were being fought, the FTC delayed enforcement of the red flags rule on physician practices five times. FTC Chair Jon Leibowitz told delegates at the AMA Annual Meeting on June 14: “We feel your pain on red flags, and we want to fix it. We agree with you that the red flags rule reaches too far.” Dr. Wilson said the FTC had defined creditors too broadly to include physicians and other professionals, who now would be exempt under the bill.