House Approves Red Flags Exemptions

Bill Now Awaits President's Signature
The House, by voice vote, on Tuesday approved legislation that would exempt certain businesses, including physician practices and apparently many hospitals, from the Identity Theft Red Flags Rule.

The bill, which the Senate approved by unanimous consent Nov. 30, now goes to the president for his signature.

Sens. John Thune, R-S.D., and Mark Begich, D-Alaska, introduced the measure, S 3987. Unlike an earlier bill the two senators introduced in May, the latest version approved by the House and Senate does not spell out that certain professionals with 20 or fewer employees are exempt. Instead, it uses more general terms to more narrowly define the term "creditor" so that, in effect, far fewer organizations must comply with the Red Flags Rule.

Red Flags Exemptions

In a colloquy in support of the bill last week, Sen. Christopher Dodd, D-Conn., said the legislation "makes clear that lawyers, doctors, dentists, orthodontists, pharmacists, veterinarians, accountants, nurse practitioners, social workers, other types of healthcare providers and other service providers will no longer be classified as 'creditors' for the purposes of the Red Flags Rule just because they do not receive payment in full from their clients at the time they provide their services, when they don't offer or maintain accounts that pose a reasonably foreseeable risk of identity theft."

The Federal Trade Commission has postponed enforcement of the Red Flags Rule several times. Lawsuits on behalf of attorneys as well as physicians seeking to block the FTC from applying the rule to these professionals are pending.

Under the Red Flags Rule, which became effective Jan. 1, 2008, organizations that extend credit to their clients must develop and implement written identity theft prevention programs that help identify, detect and respond to patterns, practices or specific activities, known as "red flags," that could indicate identity theft. The rule applies, for example, to banks and federally-chartered credit unions, which are examined for Red Flags compliance by their federal regulators.

Red Flags Compliance

Under S 3987, creditors that must comply with the rule would no longer include those who "advance funds on behalf of a person for expenses incidental to a service provided by the creditor to that person."

Creditors that must comply, under the bill, are those that obtain and use consumer reports in connection with a credit transaction and furnish information to consumer reporting agencies. Also included are so-called payday loan companies that don't necessarily use consumer reports, according to a staffer for Begich.

In the colloquy last week, Thune said, "Any other type of creditor may only be covered through a rulemaking based upon an agency's determination that these type of creditors offer or maintain accounts that pose a reasonably foreseeable risk of identity theft."

Don Asmonga, government relations manager for the American Health Information Management Association, said the bill apparently would exempt hospitals as well as physicians. He said he interprets the bill's language to mean "If a hospital does not regularly request credit reports, then they would be exempt from the Red Flags Rule."

A member of Begich's staff summed up the bill in this way: "The Thune-Begich bill narrows the applicability to cover those creditors where identity thieves can do the most harm."


About the Author

Howard Anderson


Former News Editor, ISMG

Anderson was news editor of Information Security Media Group and founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.



