The Federal Trade Commission's (FTC) Red Flag Rule is delayed until June 1, 2010.  The delay comes at the request of Members of Congress.  This is the fourth time the FTC has put off the enforcement of the controversial rule, which requires "creditors" and "financial institutions" to develop and implement written identity theft prevention programs.

 

The FTC held the position that physician practices fell under the definition of "creditor" if they did not require full payment upfront from their patients.  The physician community, including the AOA, opposed the FTC's position and called on the agency to exempt physicians from compliance.  In addition to the regulatory burdens, the AOA was concerned that the Red Flag Rule could have serious consequences to patient access to care.      

 

The U.S. House of Representatives recently passed legislation that would exempt certain businesses, such as physician practices, from complying with the rule. It should be noted that the rule originates from the Fair and Accurate Credit Transactions Act, in which Congress directed the FTC and other agencies to develop regulations requiring "creditors" and "financial institutions" to address the risk of identity theft.

 

Medical identity theft is a small but potentially growing problem as more physicians adopt electronic health records.  While the compliance deadline is now June 1, 2010, physician practices should be knowledgeable about medical identity theft and consider taking precautions.