Organized medicine scores another delay on enforcement of identity theft rules
■ The AMA continues to challenge the FTC's application of the "red flags" rule to doctors but still advises compliance.
By Amy Lynn Sorrel — Posted July 30, 2009
- WITH THIS STORY:
- » Related content
Pressure from the American Medical Association and other medical organizations prompted a third delay -- from Aug. 1 until Nov. 1 -- of the Federal Trade Commission's enforcement of a new identity theft prevention rule. The latest reprieve gives organized medicine more time to persuade policymakers that what it considers an overly broad application of the "red flags" rule will prove financially and administratively onerous for physician practices.
The regulation requires entities that regularly extend credit or defer payment for services to implement a formal policy for detecting and preventing identity theft. The AMA and others repeatedly have objected to the FTC's interpretation that physician practices are creditors when they bill patients or allow patients to set up payment plans.
Such opposition resulted in two earlier delays of the rule's original Nov. 1, 2008, compliance date.
The FTC in a July 29 announcement said the latest postponement was intended to "ease compliance by providing additional resources and guidance to clarify whether businesses are covered by the rule and what they must do to comply." In addition to existing enforcement materials, the commission said forthcoming guidance will offer further direction to small and low-risk entities, which may include physician practices.
The FTC also said its efforts align with recommendations the House Appropriations Committee made in late July that the commission defer enforcement and take steps to minimize the rule's impact on health care entities with a low risk of identity theft problems.
Echoing the AMA's concerns, the House committee noted "the cost of compliance ... has the potential to be excessively burdensome on small health care providers." The committee also questioned the legality of the FTC's decision to subject health care entities to the rule without considering less-demanding alternatives. At this article's deadline, no legal actions had been filed.
The FTC has maintained that compliance costs would be minimal and that the commission is unlikely to pursue sanctions against entities that make good faith compliance efforts or rarely experience identity theft incidents.
Still, the AMA and other medical organizations continue to press federal policymakers for a legislative fix to exclude doctors from the rule's reach. Meanwhile, organized medicine wants physicians to get in compliance and take advantage of free resources from the AMA (link). The FTC also has guidance available (link).