Court Validates Red Flags Exemptions
Back in December, President Obama signed legislation that exempted certain businesses, including physician practices, from the Red Flags Rule. The Red Flag Program Clarification Act of 2010 more narrowly defined the term "creditor" so that, in effect, far fewer organizations must comply with the rule. Sens. John Thune, R-S.D., and Mark Begich, D-Alaska, introduced the measure, S 3987.
The U.S. Court of Appeals for the District of Columbia, in ruling on a case brought by the American Bar Association that sought to exempt attorneys from the rule, pointed out that the new law made the case moot. As a result, the American Medical Association, which joined with others in filing a similar case seeking to exempt physicians, announced it had officially dropped that lawsuit.
"The court's decision reinforces the intent of the new law clarifying the scope of the Red Flags Rule and helps eliminate any further confusion about the rule's application to physicians," said AMA President Cecil Wilson, M.D.
The court noted that in light of the passage of the new law, the Federal Trade Commission's assertion that the term "creditor" as used in the Red Flags Rule includes "all entities that regularly permit deferred payments for good or services," including professionals such as lawyers and health care providers, who bill clients after services are rendered, "is no longer viable."
Red Flags Provisions
Under the Red Flags Rule, which became effective Jan. 1, 2008, organizations that extend credit to their clients must develop and implement written identity theft prevention programs that help identify, detect and respond to patterns, practices or specific activities, known as "red flags," that could indicate identity theft. The rule applies, for example, to banks and federally-chartered credit unions, which are examined for Red Flags compliance by their federal regulators.
Under the new exemption law, creditors that must comply with the Red Flags rule no longer include those who "advance funds on behalf of a person for expenses incidental to a service provided by the creditor to that person." Creditors that must comply are those that obtain and use consumer reports in connection with a credit transaction and furnish information to consumer reporting agencies.
Don Asmonga, government relations manager for the American Health Information Management Association, said last year that the law apparently also means that those hospitals that do not regularly request credit reports for credit transactions are exempt from the Red Flags Rule.