The American Medical Association and others filed suit against the Federal Trade Commission on Friday, just 10 days before the June 1 deadline to comply with the Red Flags Rule.

The Red Flags Rule requires providers whose activities fall within the law's definition of "creditor" and "covered account" to develop a written program to spot the warning signs of identity theft.

But the AMA, American Osteopathic Association (AOA) and the Medical Society of the District of Columbia (MSDC) are seeking exclude physicians from the regulations.

The complaint, prepared by the Litigation Center of the AMA and State Medical Societies, charges that the FTC's rule exceeds the powers delegated to it by Congress and that its application to physicians is "arbitrary, capricious and contrary to the law."
 
"The final red flags rule provided no indication from the FTC that physicians fell within the definition of creditor," said AOA President Larry A. Wickless. "The FTC's decision to apply the rule to physicians is both misguided and inconsistent with its regulatory power."

The suit follows two years of communications to the FTC from the AMA and AOA regarding the unintended consequences of the red flags rule. On January 27, the AMA and AOA joined other groups to petition the FTC to exclude physicians from the Red Flags Rule. The FTC responded on March 25 saying it could not accommodate the request.

"This unjustified federal regulation of medicine treats physician practices like banks, credit card companies and mortgage lenders," said AMA President-elect Cecil B. Wilson, MD. "The extensive bureaucratic burden of complying with the red flags rule outweighs any benefit to the public."

"Physicians are already ethically and legally responsible for ensuring the confidentiality and security of patients' medical information," added MSDC President Peter E. Lavine, MD. "It is unnecessary to add to the existing Web of federal security regulations physicians must follow."

Linda Foley, founder of the Identity Theft Resource Center, a national victim assistance and public education organization, says cyber crime is a reality of today's digital age.

"We can't protect all the information from hacking and from an insider, but the goal is to limit opportunities," said Foley.

"It is incredibly important for healthcare professionals to have an identity theft plan in place," says Pam Dixon, founder of the World Privacy Forum, a nonprofit, public interest research group. "The AMA does not understand the gravity of medical identity theft. It would be a mistake to push back this regulation."

The lawsuit does not suspend the looming deadline, and the AMA encouraged physicians to use its online resources in order to comply with the FTC's rule.