The American Medical Association (AMA) has filed suit in the U.S. district court, District of Columbia, along with the American Osteopathic Association and the Medical Society for the District of Columbia against the Federal Trade Commission (FTC) to put a halt to the FTC's "Red Flags Rule" being applied to health care professionals.

The Red Flags Rule requires creditors and financial institutions to adopt programs that prevent identity theft. The FTC has stated several times in the past that health care professionals are subject to the rule (see, DM 9497). The Red Flags Rule was mandated by the Fair and Accurate Credit Transactions Act of 2003 (FACTA). FACTA's definition of "creditor" includes any entity that extends credit on a regular basis or arranges for others to do so and all entities that regularly permit deferred payments for goods or services. However, many health care professionals have argued that they should not be included as businesses to whom the rule applies. Enforcement of the rule is slated to begin June 1 of this year.

The plaintiffs argue that physicians who do not require immediate payment upon services for care do not fit the FACTA definition of "creditor." They base this on the claim that they are not in the business of providing credit to customers; rather, not demanding full payment at the time of care is a benefit extended to patients to ease stress, or for insurance procedures. Or medical care may be given under emergency situations where demanding payment would be impossible. Therefore, the FTC exceeded its authority in placing them under the rubric of the rule. "Further," the complaint says, "the FTC's attempt to impose a duty upon physicians to investigate each patient's identity in advance of treatment conflicts with basic precepts concerning the patient-physician relationship and physicians' ethical responsibilities to safeguard that relationship." The plaintiffs also say the FTC is acting arbitrarily, capriciously and contrary to law by failing to articulate a rational connection between the practice of medicine and identity theft.
Additionally, the plaintiffs argue that the FTC did not follow federal law for promulgating a rule, including notice to the public and opportunity for public comment, as required by the Administrative Procedure Act. The plaintiffs say that the extension of the Red Flags Rule to physicians is "a substantive rule that was not anticipated by the public, a fact demonstrated by the FTC's repeated extensions of the rule's effective date, citing 'confusion' among those whom the FTC contends are subject to the rule."

The plaintiffs also note that the Health Information Technology for Economic and Clinical Health (HITECH) Act requires HIPAA-covered health care providers to notify patients of any unauthorized access, use, or disclosure of protected health information.

The complaint requests, among other remedies, that the court declare the Red Flags Rule unlawful and void as applied to the plaintiffs, even if physicians do not require payment at the time the care is provided; and that the FTC be permanently enjoined from implementing the Red Flags Rule against the plaintiffs.

"This unjustified federal regulation of medicine treats physician practices like banks, credit card companies and mortgage lenders," said AMA president-elect Cecil B. Wilson, M.D. in an AMA press release regarding the suit. "The extensive bureaucratic burden of complying with the Red Flags Rule outweighs any benefit to the public."

Adapted in part from an AMA press release.

More Industry Headlines