Senate votes to exempt lawyers, doctors from Red Flags

Share this article:
Lawyers, doctors and accountants are one step closer to getting their wish of not having to comply with the Federal Trade Commission's Red Flags Rule.

The U.S. Senate voted unanimously this week to pass the Red Flag Program Clarification Act of 2010, which limits the scope of businesses covered by the rule, essentially giving an exemption to lawyers, doctors, accountants, dentists, orthodontists, pharmacists, veterinarians, nurse practitioners and social workers and other service providers.

The Red Flags Rule, developed in accordance with the Fair and Accurate Credit Transactions Act of 2003 (FACTA), requires financial institutions and other organizations classified as “creditors” to develop programs to identify, detect and respond to indications of identity theft.

The rule has been met with pushback, resulting in numerous delays. Several groups oppose the rule's definition of “creditor," saying it is too broad and would cover small businesses in industries where identity theft poses little threat.

The American Medical Association (AMA), for example, filed a lawsuit in federal court seeking to prevent the FTC from extending the Red Flags Rule to physicians. The AMA's lawsuit followed two similar complaints – one filed by the American Bar Association on behalf of lawyers and one by the American Institute of Certified Public Accountants on behalf of accountants.

Under the existing rule, doctors and other service providers were classified as “creditors” because they let clients pay after they provided services, said Sen. Mark Begich, D-Alaska. These businesses generally do not, however, offer or maintain accounts that pose a reasonable risk of identity theft.

Under the new legislation, the rule would apply only to organizations that use consumer reports in connection with credit transactions, provide information to consumer reporting agencies or loan money. 

“Unless this bipartisan bill becomes law, many small businesses for which identity theft is not a threat could be required to spend time and effort to comply with the Red Flags Rule,” said Begich, according to Tuesday's Congressional Record. “Small businesses are the economic drive of our country, and…should be focused on job creation and should not have to spend the money to comply with regulatory burdens disproportionate to the scope of the identity theft problem."

The bill will now go to the House of Representatives for a vote.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

CryptoWall surpasses CryptoLocker in infection rates

CryptoWall surpasses CryptoLocker in infection rates

A threat analysis from Dell SecureWorks CTU says that CryptoWall has picked up where its famous sibling left off.

Professor says Google search, not hacking, yielded medical info

Professor says Google search, not hacking, yielded medical ...

A professor of ethical hacking at City College San Francisco came forward to clarify that he did not demonstrate hacking a medical center's server in a class.

Syrian Malware Team makes use of enhanced BlackWorm RAT

Syrian Malware Team makes use of enhanced BlackWorm ...

FireEye analyzed the hacking group's use of the malware, dubbed the "Dark Edition" of BlackWorm.