Congress Clarifies ‘Creditor’ Definition for Red Flags Rule

Abstract

Action during the last days of the 111th Congress could clarify the definition of a “creditor” under the Red Flags rule, a move that could help bolster the case that physicians should not have to abide by the new identity theft safeguards. The rule was written to implement provisions of the Fair and Accurate Credit Transactions Act and requires creditors to develop formal identity theft–prevention-and-response programs. However, physician groups have long asserted that they are not creditors and should be exempt from the burdensome requirements. Under the new law (S. 3987, the Red Flags Program Clarification Act), which was signed by President Obama Dec. 18, Congress said that a creditor is not someone who simply “advances funds on behalf of a person for expenses” related to a service. As of Jan. 26 the Federal Trade Commission (FTC) said on its Web site that the agency was revising the site to reflect that limitation. Elsewhere, however, the site still notes that groups that may fall within the definition of creditor include health care providers. “This bill will help eliminate the current confusion about the rule's application to physicians,” AMA President Cecil B. Wilson, MD, said in a statement when the new law was passed. “We hope that the FTC will now withdraw its assertion that the red flags rule applies to physicians.” The Red Flags rule became effective on Jan. 1, 2008. However, the FTC delayed its enforcement five times to give organizations more time to adjust or at the request of members of Congress.