Court Validates Red Flags Exemptions

Court Validates Red Flags Exemptions
A U.S. Appellate court decision March 4 further validates that physicians and attorneys are exempt from the Identity Theft Red Flags Rule.

Back in December, President Obama signed legislation that exempted certain businesses, including physician practices, from the Red Flags Rule. The Red Flag Program Clarification Act of 2010 more narrowly defined the term "creditor" so that, in effect, far fewer organizations must comply with the rule. Sens. John Thune, R-S.D., and Mark Begich, D-Alaska, introduced the measure, S 3987.

The U.S. Court of Appeals for the District of Columbia, in ruling on a case brought by the American Bar Association that sought to exempt attorneys from the rule, pointed out that the new law made the case moot. As a result, the American Medical Association, which joined with others in filing a similar case seeking to exempt physicians, announced it had officially dropped that lawsuit.

"The court's decision reinforces the intent of the new law clarifying the scope of the Red Flags Rule and helps eliminate any further confusion about the rule's application to physicians," said AMA President Cecil Wilson, M.D.

The court noted that in light of the passage of the new law, the Federal Trade Commission's assertion that the term "creditor" as used in the Red Flags Rule includes "all entities that regularly permit deferred payments for good or services," including professionals such as lawyers and health care providers, who bill clients after services are rendered, "is no longer viable."

Red Flags Provisions

Under the Red Flags Rule, which became effective Jan. 1, 2008, organizations that extend credit to their clients must develop and implement written identity theft prevention programs that help identify, detect and respond to patterns, practices or specific activities, known as "red flags," that could indicate identity theft. The rule applies, for example, to banks and federally-chartered credit unions, which are examined for Red Flags compliance by their federal regulators.

Under the new exemption law, creditors that must comply with the Red Flags rule no longer include those who "advance funds on behalf of a person for expenses incidental to a service provided by the creditor to that person." Creditors that must comply are those that obtain and use consumer reports in connection with a credit transaction and furnish information to consumer reporting agencies.

Don Asmonga, government relations manager for the American Health Information Management Association, said last year that the law apparently also means that those hospitals that do not regularly request credit reports for credit transactions are exempt from the Red Flags Rule.

About the Author

Howard Anderson

Howard Anderson

News Editor, ISMG

Anderson is news editor of Information Security Media Group and was founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.