Bill Would Create Red Flags Exemptions

Smaller physician practices would get a pass
Bill Would Create Red Flags Exemptions
Two U.S. Senators have introduced legislation to exempt smaller healthcare, accounting and legal practices from the Federal Trade Commission's Identity Theft Red Flags Rule.

After repeated delays, the rule is slated to be enforced starting June 1 for all healthcare organizations.

The American Medical Association and two other physician groups recently filed a lawsuit seeking to prevent the FTC from applying the rule to doctors.

Sens. John Thune (R-S.D.) and Mark Begich (D-Alaska) introduced S. 3416 on May 25. A very similar bill, H.R. 3763, passed the U.S. House last year on a 400-0 vote, but the Senate failed to act on it.

The new Senate bill exempts practices in the three sectors with 20 or fewer employees. It applies to healthcare professionals, including physicians, dentists, podiatrists, chiropractors, several types of therapists and veterinarians. The bill was referred to the Senate Banking, Housing and Urban Affairs Committee.

Under the Red Flags Rule, which dates back to 2007, any organization that extends credit to its clients must develop and implement written identity theft prevention programs that help identify, detect and respond to patterns, practices or specific activities, known as "red flags," that could indicate identity theft.

Federal regulators already are enforcing the rule for many financial services companies. But it has repeatedly delayed enforcement in healthcare in reaction to protests and concerns.

In arguing against applying the rule to physicians, the AMA and other associations contend it is unnecessary.

"Physicians are already ethically and legally responsible for ensuring the confidentiality and security of patient's medical information," says Peter Lavine, M.D., alluding to the HIPAA privacy and security rules. "It is unnecessary to add to the existing web of federal security regulations physicians must follow," adds Lavine, president of the Medical Society of the District of Columbia, which joined in the AMA lawsuit.

About the Author

Howard Anderson

Howard Anderson

Former News Editor, ISMG

Anderson was news editor of Information Security Media Group and founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.