Red Flags Rule Delayed

The Federal Trade Commission announced at the end of May that physicians will be granted another temporary reprieve from having to comply with the Red Flags Rule, delaying its implementation until December 21, 2010.

There is considerable controversy over this rule, which requires all creditors to implement policies to protect consumers from identity fraud. In the medical arena, there is disagreement as to whether physicians can be considered “creditors” for purposes of the rule. While the FTC has indicated that physicians are in fact creditors, physicians (led by the AMA) argue the opposite. Recently, the AMA and other physicians’ groups filed suit against the FTC for an exemption to the rule, contending that the requirements imposed are “arbitrary and capricious” when applied to doctors.

This debate has raised some significant concerns about identity fraud in the medical context. For instance, given the rising costs of health insurance, there may be increased potential for patients to see a physician using another person’s identity in order to secure care under that person’s insurance. In other scenarios, a patient might use another’s identity to obtain medication where they normally would not be eligible, or even steal someone’s credit card information to pay a medical bill. In light of these vulnerabilities, some medical professionals have acknowledged that there may be validity to the argument that extra safeguards should be implemented to protect patient information.

At least for the time being, however, physicians do not have to comply with the requirements of the Red Flags Rule. As noted above, the final decision as to whether physicians will be deemed “creditors” for purposes of the rule will be made at the end of the year.