The new red flag compliance rules, set to go into effect for a number of businesses on June 1, 2010, have upset many with the increased regulation. The rules are aimed at providing additional identity theft protection to consumers by requiring businesses, including hospitals, the auto industry and some retailers, to draft a standard procedure for detecting and resolving identity theft. However, the American Medical Association, State Medical Societies and American Osteopathic Association recently filed a lawsuit against the Federal Trade Commission in an effort to remove physicians from the new laws, according to the Clinical Oncology news website.
The medical groups argue that the FTC is overstepping the powers granted to it by Congress by placing physicians under the scope of red flag rules, which are intended mainly for creditors, the website reports.
"This unjustified federal regulation of medicine treats physician practices like banks, credit card companies and mortgage lenders," AMA president-elect Cecil Wilson said. "The extensive bureaucratic burden of complying with the Red Flags Rule outweighs any benefit to the public," Wilson added.
The FTC argues that by accepting credit card payments and maintaining the option to defer a patient's balance, hospitals are acting as creditors or financial institutions and are therefore subject to the same laws, including red flag compliance, reports the website.
Medical identity theft is the fastest-growing type of identity theft and poses a particular threat to victims. In addition to obtaining credit card and Social Security information listed in medical records, criminals can also use health and insurance information to seek medical services under the victim's name, the website said. Those who receive services under someone else's name often cause the victim's medical history to be altered, increasing the victim's risk of receiving adverse medical treatment during a sudden emergency.
The risk of falling victim to medical identity theft is expected to increase dramatically as more medical records are transferred to an electronic database system. The electronic storage and transmission of medical documents extends access to patient records to hospitals, clinics and urgent care facilities nationwide, raising the risk of a data breach. In 2009, nearly 1 million identities were compromised by a Blue Cross Blue Shield data breach, in which 57 hard drives were stolen. Ponemon Institute's senior privacy analyst Michael Spinney told ComputerWorld that the average data breach costs a total of $6.75 million to repair.