Compliance Management, Incident Response, Government Regulations, Network Security, TDR

Senate votes to exempt lawyers, doctors from Red Flags

Lawyers, doctors and accountants are one step closer to getting their wish of not having to comply with the Federal Trade Commission's Red Flags Rule.

The U.S. Senate voted unanimously this week to pass the Red Flag Program Clarification Act of 2010, which limits the scope of businesses covered by the rule, essentially giving an exemption to lawyers, doctors, accountants, dentists, orthodontists, pharmacists, veterinarians, nurse practitioners and social workers and other service providers.

The Red Flags Rule, developed in accordance with the Fair and Accurate Credit Transactions Act of 2003 (FACTA), requires financial institutions and other organizations classified as “creditors” to develop programs to identify, detect and respond to indications of identity theft.

The rule has been met with pushback, resulting in numerous delays. Several groups oppose the rule's definition of “creditor," saying it is too broad and would cover small businesses in industries where identity theft poses little threat.

The American Medical Association (AMA), for example, filed a lawsuit in federal court seeking to prevent the FTC from extending the Red Flags Rule to physicians. The AMA's lawsuit followed two similar complaints – one filed by the American Bar Association on behalf of lawyers and one by the American Institute of Certified Public Accountants on behalf of accountants.

Under the existing rule, doctors and other service providers were classified as “creditors” because they let clients pay after they provided services, said Sen. Mark Begich, D-Alaska. These businesses generally do not, however, offer or maintain accounts that pose a reasonable risk of identity theft.

Under the new legislation, the rule would apply only to organizations that use consumer reports in connection with credit transactions, provide information to consumer reporting agencies or loan money. 

“Unless this bipartisan bill becomes law, many small businesses for which identity theft is not a threat could be required to spend time and effort to comply with the Red Flags Rule,” said Begich, according to Tuesday's Congressional Record. “Small businesses are the economic drive of our country, and…should be focused on job creation and should not have to spend the money to comply with regulatory burdens disproportionate to the scope of the identity theft problem."

The bill will now go to the House of Representatives for a vote.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.