Skip to main content

Bill Exempts Doctors from FTC's Red Flag Rule on ID Theft

 |  By dnicastro@hcpro.com  
   December 09, 2010

The Senate and House have each passed a bill that changes the Red Flags Rule's definition of "creditor" and relieves doctors of complying with the Federal Trade Commission's identity theft prevention law.

The House Tuesday passed the bill—"Red Flag Program Clarification Act of 2010"—less than a week after the Senate approved the bill.

The enforcement date for the rule is Dec. 31, 2010. The FTC said earlier this year on its website that it delayed enforcement at the request of Congress as it "considers legislation that would affect the scope of entities covered by the rule." Compliance date was November 1, 2008.

And now, that very legislation passed this week only awaits a signature from President Obama before becoming law.

The bill calls for changes to the FTC's definition of "creditor." Smaller entities such as physician practices and doctor's offices have long debated they should be let off the hook from complying. Some have filed lawsuits.

Representative John Adler, D-NJ, said in the House debate Tuesday that the purpose of the Red Flag Program Clarification Act "is to limit the type of creditor that must be covered by the FTC's Red Flags Rule."

"When I think of the word 'creditor,' dentists, accounting firms, and law firms do not come to mind," Adler said.

However, he said, the Red Flags Rule as written now requires these types of professions and others to comply.

The FTC "broadly interpreted" creditors to include any business that allows clients to establish a payment plan in exchange for their services rendered, said Rep Paul Broun, R-GA. This swept in "many businesses that do not operate as a creditor in the general understanding of the term, such as dentists, doctors, veterinarians, lawyers, accountants, and many other health care providers that offer their clients payment plans."

Added Adler: "It is clear when Congress wrote the law, they never contemplated including these types of businesses within the broad scope of that law. ... We need to be careful that the laws we pass address the problem and do so in a way that doesn't adversely and unfairly impact small businesses."

This week's Clarification Act includes the following language regarding the definition of a creditor as one that regularly and in the ordinary course of business:

  • Obtains or uses consumer reports, directly or indirectly, in connection with a credit transaction
  • Furnishes information to consumer reporting agencies in connection with a credit transaction
  • Advances funds to or on behalf of a person, based on an obligation of the person to repay the funds or repayable from specific property pledged by or on behalf of the person

Creditors do not include those that advance funds on behalf of a person for expenses incidental to a service provided by the creditor to that person

The current language in the FTC's Red Flags Rule regarding the definition of a creditor includes:

  • A creditor is any entity that regularly extends, renews, or continues credit; any entity that regularly arranges for the extension, renewal, or continuation of credit; or any assignee of an original creditor who is involved in the decision to extend, renew, or continue credit.
  • Accepting credit cards as a form of payment does not in and of itself make an entity a creditor. Creditors include finance companies, automobile dealers, mortgage brokers, utility companies, and telecommunications companies.

The bill may be viewed here.

Dom Nicastro is a contributing writer. He edits the Medical Records Briefings newsletter and manages the HIPAA Update Blog.

Tagged Under:


Get the latest on healthcare leadership in your inbox.