The American Medical Association and other healthcare organizations want the Federal Trade Commission to exempt them from the "red flags" rule, designed to block identity theft in credit card transactions.

The rule calls for organizations that extend credit to have written plans for watching and responding to identity theft "red flags," according to a report on the red flag dispute on ModernHealthcare.com. The original enforcement date was Nov. 1, but the FTC put that off until June 1.

"In a new letter to FTC chairman Jon Leibowitz, the AMA, the American Dental Association, the American Osteopathic Association and the American Veterinary Medical Association point to a recent court decision they say supports their complaint that the FTC has overstepped what Congress intended with the Fair and Accurate Credit Transactions Act of 2003."

That case was brought by lawyers, who convinced the court that they can't be considered creditors just because they invoice clients. The FTC has delayed enforcement of the rule until June 1.

The rule calls for organizations that extend credit to have written plans describing how they will watch for and respond to identity theft “red flags” in their billing operations.

HealthData Management has more:

"The rule requires many businesses, including health care organizations, to take specific steps to minimize identity theft. These steps include identifying suspicious activity involving Social Security numbers, credit reports and other identifying information. This would involve new policies and procedures, and likely implementation of new data security and regulatory compliance software products."

George Hulme, writing at InformationWeek, says the healthcare providers are wrong:

"This healthcare consortium may be legally right, and they may win this argument.

"But they're going to lose the battle over their public image. The fact is that most healthcare providers do painfully little to protect their patients' from identity and medical identity theft. This comes despite years of news reports covering the growth of medical identity theft and hospital workers snooping at what should be private health data. So if they don't care about protecting patient data, why should we expect them to care about keeping an eye out for potential identity thieves?"

However the healthcare providers' argument with the FTC turns out, protecting confidential customer data, such as credit card numbers, is important. It's good business, and it protects an organization against litigation and fines. Palisade Systems' PacketSure™ technology can help. Get a demo.