According to this article from CMIO, The FTC’s interpretation of the regulation imposes an unfunded mandate on healthcare professionals for detecting and responding to identity theft, according to the organizations. In the letter, they asked the FTC to make it clear that the rule will not apply to their members given the result of recent litigation brought by the American Bar Association against the FTC where the U.S. District Court for the District of Columbia ruled that lawyers should be excluded from the requirements imposed by the “red flags” rule.

What do you all think about this? George Hulme the Healthcare blogger for InformationWeek had this to say: Step up and protect your customers from identity theft.

We believe that George has a valid point. Healthcare providers deal with sensitive customer information that can easily be compromised. Even though the Red Flags rule may be cumbersome to meet the requirements, what is the alternative? Having patients accept the responsibility when they become victims of identity theft? Wouldn’t it be better to have steps in place to ensure that this data is protected? We welcome all thoughts and feedback!