The Federal Trade Commission's "red flags rule" requires businesses offering credit to come up with a written policy for finding, preventing, and dealing with identity theft. But the law is controversial, and has been delayed several times—most recently, last week, when the FTC pushed off until Dec. 31 the implementation originally scheduled for June 1. The American Bar Association sued last year, saying the law shouldn't apply to lawyers, and a judge agreed. Now the American Medical Association is making its own case for exemption. Last week the group and two others—the American Osteopathic Association and the Medical Society of the District of Columbia, sued the FTC, arguing physicians should not be subject to the rule, the Wall Street Journal Health Blog reports.