At last, physicians and other professionals and service providers get some relief from proposed identity theft compliance obligations. On December 18, President Obama signed the "Red Flag Program Clarification Act of 2010" into law [Text, PDF].  Under the measure, physicianswill no longer be defined as "creditors" under the controversial "Red Flag Rules."  The changes were passed by the Senate in November and the House last week after months of lobbying and litigation by professional societies.

The brief clarifying statute redefines "creditor" to exclude service providers that advance funds on behalf of a person for expenses incidental to a service they provide to that person. The Red Flag Rule was designed to require creditors such as banks, credit card companies and other lenders, to implement various safeguards to protect their clients from identity theft.  

The original statute defined "creditor" broadly, and the FTC initially interpreted it to apply to physicians and other professionals who bill their clients for services, believing that they were obligated to do so by the statutory language. After being bombarded with complaints, FTC chairman Jon Liebowitz assured physicians that his agency was pushing Congress to work quickly to fix the Red Flag Rule that he said had "unintentionally swept up countless small businesses – including every doctor, dentist, lawyer, gardener, plumber, and housekeeper who bill customers on a monthly basis."

The effective date of the Red Flag rules has been postponed several times, most recently in June, and will take effect for other creditors on January 1, 2011.  The American Bar Association and other professional societies had sued the FTC earlier this year and the federal agency had agreed to delay enforcement for attorneys, physicians and accountants until the appeal of that ruling was heard – it remains pending but will be rendered moot by this legislation