FTC Delays Identity Theft Rule Yet Again

coondoggie sends news that the FTC, at the request of several members of Congress, has delayed enforcement of anti-ID-theft rules — for the fourth time since the original implementation date, November 2008. "The [Red Flags] rule requires financial institutions and other creditors to develop and carry out identity-theft prevention programs. ... The problem with the rule revolves around which entities must comply and develop identity-theft prevention programs. ... 'It's the act of delaying payment for services that can sweep in entities you wouldn't normally think of as creditors,' Kuehn said. Already, the American Bar Association, the American Medical Association, and the American Institute of Certified Public Accountants have sued, saying that the Red Flags Rule shouldn't apply to their members."

AMA objections.

[TheMeuge]

The reason for the objection by the AMA is that this rule would designate doctors as creditors, by virtue of them billing for their services. This would require a torrent of new paperwork to be handled by the doctors' offices. Ultimately, the time and staff cost of compliance would be extremely high, while there aren't likely to be any benefits in terms of reduction of personal data theft from medical practices, since HIPAA regulations are already very strict regarding personal information.

Since many hospitals and practices already operate on rather thin margins (3% is considered excellent for a hospital), the last thing medical institutions need is more staff to handle paperwork. They already outnumber doctors...