The House has approved legislation this week that will exempt certain businesses, including doctor’s offices and many hospitals, from the Identity Theft Red Flags Rule.
The bill, which the Senate approved Nov. 30, will now go to the president for his signature.
The bill was introduced by senators John Thune of South Dakota and Mark Begich of Alaska. This bill is a more general version of bill first introduced in May, and more narrowly defines the term “creditor” so that, in effect, far fewer organizations must comply with the rule.
The legislation makes it clear that doctors, lawyers, dentists, orthodontists, pharmacists, veterinarians, accountants, nurse practitioners, social workers and other types of health care workers will no longer be classified as creditors for the purposes of the Red Flags Rule because these businesses do not receive payment in full from their clients at the time services are provided, when they don’t offer or maintain accounts that pose a “reasonably foreseeable risk of identity theft.”
Under the Red Flags Rule, organizations that extend credit to their clients must develop and implement written identity theft protection programs that help identify, detect and respond to patterns, practices or specific activities, known as red flags, that could create identity theft. The rule applies, for example, to banks and federally-charted credit unions, which are examined for compliance by federal regulators.
Creditors that must comply under the bill are those that obtain and use consumer reports in connection with a credit transaction and furnish information to consumer reporting agencies. Also included are payday loan companies that don’t necessarily use consumer reports.
A member of Begich’s staff summed up the bill in this way: the bill narrows the applicability to cover those creditors where identity thieves can do the most harm.
