After more than two years of appealing to the Federal Trade Commission that physicians shouldn't be considered creditors under its "red flags rule," on May 21, the American Medical Association, the American Osteopathic Association and the Medical Society of the District of Columbia filed a lawsuit in federal court to fight for exemption to the federal regulation. Failure to comply with the rule, which requires all "creditors"--which the FTC says includes physicians because they establish a payment deferral process with patients--to implement policies for preventing and detecting identity theft, could mean administrative penalties or up to $3,500 in fines per violation.

"This unjustified federal regulation of medicine treats physician practices like banks, credit card companies and mortgage lenders," said AMA president-elect Cecil B. Wilson, M.D., in an AMA press release regarding the suit. "The extensive bureaucratic burden of complying with the Red Flags Rule outweighs any benefit to the public."

Physicians have grown accustomed to last-minute delays in rule enforcement, with the latest May 28 announcement that businesses would have until January 1, 2011, rather than June 1, 2010, to comply arriving right on cue. But despite repeatedly granting the delays, the FTC has not wavered in its position that the regulation was meant to cover a wide range of identity theft, reports American Medical News. Unless Congress acts, the FTC does not have the authority to exempt doctors, officials said.

Like lawyers and accountants, physicians argue that their businesses are not financial institutions and should not be subject to the same requirements as banks, mortgage lenders and credit card companies. But unlike The American Bar Association and the American Institute of Certified Public Accounts--which have both filed similar lawsuits, with the ABA case pending in Washington, D.C., district court-physician groups additionally point out they're already required to protect patients' personal information by HIPAA and doctor-patient confidentiality.

"The worst part is, I think, from a strictly ethical point of view, that you have to approach every new patient with suspicion about their identity," AMA spokesman Robert Mills told HealthLeaders Media. "That violates every precept of the physician-patient relationship; the FTC is asking doctors to violate their role as trusted healer and counselor."

Organized medicine's lawsuit "may well be successful," Peter F. McLaughlin, a healthcare privacy and security expert in Foley & Lardner LLP's Boston office, told AM News after the latest extension was announced. "But I'm not sure the FTC would be feeling particularly sympathetic, postlitigation, to anyone who was unprepared," he added, recommending that practices take the time to evaluate their individual risks for identity theft and develop customized plans accordingly.

To learn more:
- read the article in American Medical News
- check out this article from HealthLeaders Media
- view this piece on MedPage Today
- check out this AMA blog post

Related Articles:
Physician groups call on FTC to reevaluate its 'broad application' of Red Flags privacy rule
Medical identity theft protections to take effect next month
Doctors win 4th delay of FTC 'red flag' rules