Bill Would Create Red Flags ExemptionsSmaller physician practices would get a pass
After repeated delays, the rule is slated to be enforced starting June 1 for all healthcare organizations.
The American Medical Association and two other physician groups recently filed a lawsuit seeking to prevent the FTC from applying the rule to doctors.
Sens. John Thune (R-S.D.) and Mark Begich (D-Alaska) introduced S. 3416 on May 25. A very similar bill, H.R. 3763, passed the U.S. House last year on a 400-0 vote, but the Senate failed to act on it.
The new Senate bill exempts practices in the three sectors with 20 or fewer employees. It applies to healthcare professionals, including physicians, dentists, podiatrists, chiropractors, several types of therapists and veterinarians. The bill was referred to the Senate Banking, Housing and Urban Affairs Committee.
Under the Red Flags Rule, which dates back to 2007, any organization that extends credit to its clients must develop and implement written identity theft prevention programs that help identify, detect and respond to patterns, practices or specific activities, known as "red flags," that could indicate identity theft.
Federal regulators already are enforcing the rule for many financial services companies. But it has repeatedly delayed enforcement in healthcare in reaction to protests and concerns.
In arguing against applying the rule to physicians, the AMA and other associations contend it is unnecessary.
"Physicians are already ethically and legally responsible for ensuring the confidentiality and security of patient's medical information," says Peter Lavine, M.D., alluding to the HIPAA privacy and security rules. "It is unnecessary to add to the existing web of federal security regulations physicians must follow," adds Lavine, president of the Medical Society of the District of Columbia, which joined in the AMA lawsuit.