Jeff Drummond, health law partner in the Dallas office of Jackson Walker LLP, says the law doesn't actually "remove physicians from the Red Flags Rule." It clarifies in a reasonable way, he says, what a "creditor" is.
"I think the FTC went way overboard with their definition of 'creditor' including anyone who takes payment after providing the service," Drummond says. "Taken to its logical extreme, McDonald's and Burger King are not creditors, but Chili's is. So, it's a good change to rein in an overbroad regulatory agency."
Some physicians will still be creditors; plastic surgeons and lasik surgeons, for example, if they take payments over time from their patients.
Drummond adds it's not that hard to establish an identity theft prevention program, as the Red Flags Rule require; doctors have to have HIPAA programs in place anyway.
"It's just good practice, and good customer service, to have an ID theft prevention program in place," Drummond says. "So, even if you don't have to, you ought to."