Bill introduced to exempt docs from Red Flags Rule
A bill to exempt doctors from complying with the Federal Trade Commission's Red Flags Rule, slated to go into effect June 1, was introduced earlier this week.
Bill S. 3416 to amend the Fair Credit Reporting Act to provide for an exclusion from Red Flag Guidelines for certain businesses was introduced May 25 by Senators John Thune (R-SD) and Mark Begich (D-AK).
The senators say the bill aims to protect small businesses like doctor's and dentist's offices, veterinary clinics and accounting offices that the FTC has mistakenly classified as "creditors."
A similar measure (HR 3763) was passed by the House of Representatives last year by a vote of 400-0.
"Identity theft is a serious problem, but the FTC rules are too broad and ensnare businesses that pose little risk to consumers," said Thune. "This legislation will help small businesses avoid the costly implementation of unnecessary measures to guard against identity theft."
Scott Mitic, CEO of TrustedID and a national expert on identity theft and consumer credit issues, says the rule is common sense and doctors should already be complying with it.
"This is good business practice," he said. "With the rate of identity theft growing in the U.S., it makes good business sense for anyone extending credit to be cautious about risk of identity theft."
"It is important for businesses to work to protect the identity of their customers," said Begich. "But we have to be careful to not unduly harm small businesses, and these explicit exemptions are necessary to make sure they don't face unnecessary actions costing them time and money."
The Red Flags Rule requires certain businesses to develop a written program to spot the warning signs – or "red flags" – of identity theft.
Mitic says the rule only requires doctors to use "reasonable efforts" to be able to detect these flags for identity theft. He says there is no reason to rush out and buy expensive fraud detection software.
Pam Dixon, founder of the World Privacy Forum, agrees.
"In terms of the Red Flags Rule, the simpler the better," she said. "You should be able to plug it into HIPAA compliance and what you are already doing."