On the heels of a lawsuit filed by multiple medical associations, the Federal Trade Commission has delayed enforcement of the Red Flags Rule through December 31, 2010, while lawmakers consider legislation that would affect the scope of entities covered by the rule.
The American Medical Association (AMA), the American Osteopathic Association, and the Medical Society of the District of Columbia filed a lawsuit in late May to prevent the FTC from extending the rules to physicians.
The rule was developed under the Fair and Accurate Credit Transactions Act, in which Congress directed the FTC and other agencies to develop regulations requiring that all creditors, including healthcare providers, address the risk of identity theft.
The rule requires that all covered entities develop and implement written identity theft programs (see "FTC Red Flags Rule places new burden on oncology").
Red Flags Rule resources
Federal Trade Commission
Medical Group Management Association
Medical Oncology Association of Southern California
The rule went into effect on January 1, 2008, with full compliance for all covered entities originally required by November 1, 2008. However, since November, the FTC has issued several delays at the behest of Congress.
According to the FTC, if Congress passes legislation limiting the scope of the Red Flags Rule with an effective date earlier than December 31, 2010, the commission will begin enforcement of the rule as of that effective date (see Table).
CECIL B. WILSON, MD
In a written statement, Cecil B. Wilson, MD, AMA president-elect, pointed out that the AMA has argued that "physicians are not creditors like banks and lenders, and the misguided Red Flags Rule should not apply to them....We hope this latest extension will be long enough for the FTC to take a good, hard look at the rule and finally exclude physicians from this unjustified and burdensome regulation of medicine."